OpenWrt之opkg详解
OpenWrt之opkg详解
前言
opkg是OpenWrt的软件包的管理系统, 管理着整个OpenWrt的软件包以及驱动内核模块, 今天就来看看opkg在路由器都有哪些神奇的操作.
opkg Git Source
https://git.openwrt.org/project/opkg-lede.git
opkg download
opkg的下载方式是wget
, 参考源码libopkg/opkg_download.c
{
int res;
const char *argv[11];
int i = 0;
argv[i++] = "wget";
argv[i++] = "-q";
if (conf->no_check_certificate) {
argv[i++] = "--no-check-certificate";
}
if (conf->http_timeout) {
argv[i++] = "--timeout";
argv[i++] = conf->http_timeout;
}
if (conf->http_proxy || conf->https_proxy || conf->ftp_proxy) {
argv[i++] = "-Y";
argv[i++] = "on";
}
argv[i++] = "-O";
argv[i++] = tmp_file_location;
argv[i++] = src;
argv[i++] = NULL;
res = xsystem(argv);
if (res) {
opkg_msg(ERROR,
"Failed to download %s, wget returned %d.\n",
src, res);
if (res == 4)
opkg_msg(ERROR,
"Check your network settings and connectivity.\n\n");
free(tmp_file_location);
return -1;
}
}
opkg options
- opkg的配置文件
/etc/opkg.conf
dest root /
dest ram /tmp
lists_dir ext /var/opkg-lists
option overlay_root /overlay
option check_signature
配置项格式: <option> <type> <conf>
-
dest root /
这个是根目录位置, 默认/
-
dest ram /tmp
这个是内存的临时存放位置, 默认是/tmp
-
lists_dir ext /var/opkg-lists
这个是opkg update
时Packages.gz
的保存位置, 默认是/var/opkg-lists
-
option overlay_root /overlay
这个是根文件系统, 保持默认即可 -
option check_signature
这个是检查包签名(.sig), 默认值是1
, 开启, 类型为bool,option check_signature 0
, 0为禁用
- 选项源码在
libopkg/opkg_conf
中
libopkg/opkg_conf.h
/* options */
int autoremove;
int force_depends;
int force_defaults;
int force_maintainer;
int force_overwrite;
int force_downgrade;
int force_reinstall;
int force_space;
int force_removal_of_dependent_packages;
int force_removal_of_essential_packages;
int force_postinstall;
int force_remove;
int force_checksum;
int check_signature;
int force_signature;
int no_check_certificate;
int nodeps; /* do not follow dependencies */
int nocase; /* perform case insensitive matching */
char *offline_root;
char *overlay_root;
int query_all;
int verbosity;
char *verify_program;
int noaction;
int size;
int strip_abi;
int download_only;
char *cache;
/* proxy options */
char *http_proxy;
char *http_timeout;
char *https_proxy;
char *ftp_proxy;
char *no_proxy;
char *proxy_user;
char *proxy_passwd;
char *signature_ca_file;
char *signature_ca_path;
libopkg/opkg_conf.c
opkg_option_t options[] = {
{"cache", OPKG_OPT_TYPE_STRING, &_conf.cache},
{"force_defaults", OPKG_OPT_TYPE_BOOL, &_conf.force_defaults},
{"force_maintainer", OPKG_OPT_TYPE_BOOL, &_conf.force_maintainer},
{"force_depends", OPKG_OPT_TYPE_BOOL, &_conf.force_depends},
{"force_overwrite", OPKG_OPT_TYPE_BOOL, &_conf.force_overwrite},
{"force_downgrade", OPKG_OPT_TYPE_BOOL, &_conf.force_downgrade},
{"force_reinstall", OPKG_OPT_TYPE_BOOL, &_conf.force_reinstall},
{"force_space", OPKG_OPT_TYPE_BOOL, &_conf.force_space},
{"force_postinstall", OPKG_OPT_TYPE_BOOL, &_conf.force_postinstall},
{"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum},
{"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature},
{"no_check_certificate", OPKG_OPT_TYPE_BOOL, &_conf.no_check_certificate},
{"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy},
{"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy},
{"http_timeout", OPKG_OPT_TYPE_STRING, &_conf.http_timeout},
{"https_proxy", OPKG_OPT_TYPE_STRING, &_conf.https_proxy},
{"no_proxy", OPKG_OPT_TYPE_STRING, &_conf.no_proxy},
{"test", OPKG_OPT_TYPE_BOOL, &_conf.noaction},
{"noaction", OPKG_OPT_TYPE_BOOL, &_conf.noaction},
{"download_only", OPKG_OPT_TYPE_BOOL, &_conf.download_only},
{"nodeps", OPKG_OPT_TYPE_BOOL, &_conf.nodeps},
{"nocase", OPKG_OPT_TYPE_BOOL, &_conf.nocase},
{"offline_root", OPKG_OPT_TYPE_STRING, &_conf.offline_root},
{"overlay_root", OPKG_OPT_TYPE_STRING, &_conf.overlay_root},
{"proxy_passwd", OPKG_OPT_TYPE_STRING, &_conf.proxy_passwd},
{"proxy_user", OPKG_OPT_TYPE_STRING, &_conf.proxy_user},
{"query-all", OPKG_OPT_TYPE_BOOL, &_conf.query_all},
{"size", OPKG_OPT_TYPE_BOOL, &_conf.size},
{"strip_abi", OPKG_OPT_TYPE_BOOL, &_conf.strip_abi},
{"tmp_dir", OPKG_OPT_TYPE_STRING, &_conf.tmp_dir},
{"verbosity", OPKG_OPT_TYPE_INT, &_conf.verbosity},
{"verify_program", OPKG_OPT_TYPE_STRING, &_conf.verify_program},
{NULL, 0, NULL}
};
通过上面的选项, 可以在/etc/opkg.conf
中额外添加option, 比如我想添加不检查远程https证书, 找到该选项的类型, 按照格式填写进opkg.conf
dest root /
dest ram /tmp
lists_dir ext /var/opkg-lists
option overlay_root /overlay
option check_signature
# 下面是我添加的
optinon no_check_certificate 1
# 添加代理
optinon http_proxy 127.0.0.1:7890
optinon https_proxy 127.0.0.1:7890
optinon ftp_proxy 127.0.0.1:7890
# 超时时间 单位: 秒
option http_timeout 5
# 代理认证信息, 没有请忽略
optinon proxy_user NueXini
optinon proxy_passwd NueXini
opkg usuage
src/opkg-cl.c
--> static void usage()
opkg must have one sub-command argument
usage: opkg [options...] sub-command [arguments...]
where sub-command is one of:
Package Manipulation:
update Update list of available packages
upgrade <pkgs> Upgrade packages
install <pkgs> Install package(s)
configure <pkgs> Configure unpacked package(s)
remove <pkgs|regexp> Remove package(s)
flag <flag> <pkgs> Flag package(s)
<flag>=hold|noprune|user|ok|installed|unpacked (one per invocation)
Informational Commands:
list List available packages
list-installed List installed packages
list-upgradable List installed and upgradable packages
list-changed-conffiles List user modified configuration files
files <pkg> List files belonging to <pkg>
search <file|regexp> List package providing <file>
find <regexp> List packages whose name or description matches <regexp>
info [pkg|regexp] Display all info for <pkg>
status [pkg|regexp] Display all status for <pkg>
download <pkg> Download <pkg> to current directory
compare-versions <v1> <op> <v2>
compare versions using <= < > >= = << >>
print-architecture List installable package architectures
depends [-A] [pkgname|pat]+
whatdepends [-A] [pkgname|pat]+
whatdependsrec [-A] [pkgname|pat]+
whatrecommends[-A] [pkgname|pat]+
whatsuggests[-A] [pkgname|pat]+
whatprovides [-A] [pkgname|pat]+
whatconflicts [-A] [pkgname|pat]+
whatreplaces [-A] [pkgname|pat]+
Options:
-A Query all packages not just those installed
-V[<level>] Set verbosity level to <level>.
--verbosity[=<level>] Verbosity levels:
0 errors only
1 normal messages (default)
2 informative messages
3 debug
4 debug level 2
-f <conf_file> Use <conf_file> as the opkg configuration file
--conf <conf_file>
--cache <directory> Use a package cache
-d <dest_name> Use <dest_name> as the the root directory for
--dest <dest_name> package installation, removal, upgrading.
<dest_name> should be a defined dest name from
the configuration file, (but can also be a
directory name in a pinch).
-o <dir> Use <dir> as the root directory for
--offline-root <dir> offline installation of packages.
--verify-program <path> Use the given program to verify usign signatures
--add-arch <arch>:<prio> Register architecture with given priority
--add-dest <name>:<path> Register destination with given path
Force Options:
--force-depends Install/remove despite failed dependencies
--force-maintainer Overwrite preexisting config files
--force-reinstall Reinstall package(s)
--force-overwrite Overwrite files from other package(s)
--force-downgrade Allow opkg to downgrade packages
--force-space Disable free space checks
--force-postinstall Run postinstall scripts even in offline mode
--force-remove Remove package even if prerm script fails
--force-checksum Don't fail on checksum mismatches
--no-check-certificate Don't validate SSL certificates
--noaction No action -- test only
--download-only No action -- download only
--nodeps Do not follow dependencies
--nocase Perform case insensitive pattern matching
--size Print package size when listing available packages
--strip-abi Print package name without appended ABI version
--force-removal-of-dependent-packages
Remove package and all dependencies
--autoremove Remove packages that were installed
automatically to satisfy dependencies
-t Specify tmp-dir.
--tmp-dir Specify tmp-dir.
-l Specify lists-dir.
--lists-dir Specify lists-dir.
regexp could be something like 'pkgname*' '*file*' or similar
e.g. opkg info 'libstd*' or opkg search '*libop*' or opkg remove 'libncur*'
用法: opkg [options...] sub-command [arguments...]
, 下面讲几个常见的用法
opkg commands
opkg update
更新软件包, 不需要额外参数opkg upgrade luci-app-sqm iptables-nft
升级软件包, 多个软件包使用空格
分开, 如果luci-app-sqm
未安装, 则会执行opkg install
安装软件opkg --nodeps install luci-app-sqm
安装软件但是不安装依赖, 多个软件包使用空格
分开opkg print-architecture
获取架构, 不需要额外参数
root@X-WRT:~# opkg print-architecture
arch all 1
arch noarch 1
arch mipsel_24kc 10
opkg whatdepends luci-app-ddns
root@X-WRT:~# opkg whatdepends luci-app-ddns
Root set:
luci-app-ddns
What depends on root set
luci-i18n-ddns-zh-cn git-22.205.58624-4d77b1b depends on luci-app-ddns
- 优先级问题
输入opkg --nodeps install luci-app-sqm
时nodeps
的优先级 大于 /etc/opkg.conf
里面option nodeps
的优先级
在/etc/opkg.conf
假如添加了option nodeps 1
, 输入opkg install luci-app-sqm
时, 会附加--nodeps
opkg .ipk
.ipk
文件的本质其实是一个压缩包
, 我们以ip6tables-nft_1.8.8-1_mipsel_24kc.ipk
为例, 拆解这个ipk看看葫芦里卖的什么药.
ipk里共有三个文件
hi@ubuntu:~$ tar -tvf ip6tables-nft_1.8.8-1_mipsel_24kc.ipk
-rw-r--r-- 0/0 4 2022-07-11 01:07 ./debian-binary
-rw-r--r-- 0/0 244 2022-07-11 01:07 ./data.tar.gz
-rw-r--r-- 0/0 606 2022-07-11 01:07 ./control.tar.gz
debian-binary
hi@ubuntu:~$ cat ./debian-binary
2.0
# 这个文件内容好像都是2.0 查看了几个ipk都是这样
data.tar.gz
hi@ubuntu:~$ tar -tvf data.tar.gz
drwxr-xr-x 0/0 0 2022-07-11 01:07 ./
drwxr-xr-x 0/0 0 2022-07-11 01:07 ./usr/
drwxr-xr-x 0/0 0 2022-07-11 01:07 ./usr/sbin/
lrwxrwxrwx 0/0 0 2022-07-11 01:07 ./usr/sbin/ip6tables-nft -> xtables-nft-multi
lrwxrwxrwx 0/0 0 2022-07-11 01:07 ./usr/sbin/ip6tables-nft-restore -> xtables-nft-multi
lrwxrwxrwx 0/0 0 2022-07-11 01:07 ./usr/sbin/ip6tables-nft-save -> xtables-nft-multi
lrwxrwxrwx 0/0 0 2022-07-11 01:07 ./usr/sbin/ip6tables-restore-translate -> xtables-nft-multi
lrwxrwxrwx 0/0 0 2022-07-11 01:07 ./usr/sbin/ip6tables-translate -> xtables-nft-multi
# 这几个应该是会安装到/usr/sbin/
control.tar.gz
hi@ubuntu:~$ tar -tvf control.tar.gz
drwxr-xr-x 0/0 0 2022-07-11 01:07 ./
-rw-r--r-- 0/0 662 2022-07-11 01:07 ./control
-rwxr-xr-x 0/0 160 2022-07-11 01:07 ./postinst
-rwxr-xr-x 0/0 117 2022-07-11 01:07 ./prerm
control.tar.gz
-->control
Package: ip6tables-nft
Version: 1.8.8-1
Depends: libc, kmod-ip6tables, xtables-nft
Provides: ip6tables
Alternatives: 300:/usr/sbin/ip6tables:/usr/sbin/xtables-nft-multi, 300:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-nft-multi, 300:/usr/sbin/ip6tables-save:/usr/sbin/xtables-nft-multi
Source: package/network/utils/iptables
SourceName: ip6tables-nft
License: GPL-2.0
Section: net
SourceDateEpoch: 1657472867
CPE-ID: cpe:/a:netfilter_core_team:iptables
Architecture: mipsel_24kc
Installed-Size: 244
Description: Extra ip6tables nftables nft binaries.
ip6tables-nft
ip6tables-nft-restore
ip6tables-nft-save
ip6tables-translate
ip6tables-restore-translate
control.tar.gz
-->postinst
#!/bin/sh
[ "${IPKG_NO_SCRIPT}" = "1" ] && exit 0
[ -s ${IPKG_INSTROOT}/lib/functions.sh ] || exit 0
. ${IPKG_INSTROOT}/lib/functions.sh
default_postinst $0 $@
control.tar.gz
-->prerm
#!/bin/sh
[ -s ${IPKG_INSTROOT}/lib/functions.sh ] || exit 0
. ${IPKG_INSTROOT}/lib/functions.sh
default_prerm $0 $@
File | explain | Makefile |
---|---|---|
control | 控制文件 | include/package.mk |
conffiles | 配置文件 | include/package-ipkg.mk |
preinst | 安装软件包之前执行的脚本 | include/package-ipkg.mk |
postinst | 安装软件包之后执行脚本 | include/package-ipkg.mk |
prerm | 安装软件包之前执行的脚本 | include/package-ipkg.mk |
postrm | 安装软件包之后执行的脚本 | include/package-ipkg.mk |
Enjot it ~~