Open Menu / doc / usage / cmd / wget.rst
Loading...
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
.. SPDX-License-Identifier: GPL-2.0+:

.. index::
   single: wget (command)

wget command
============

Synopsis
--------

::

    wget [address] [host:]path
    wget [address] url                  # lwIP only
    wget cacert none|optional|required  # lwIP only
    wget cacert <address> <size>        # lwIP only


Description
-----------

The wget command is used to download a file from an HTTP(S) server.
In order to use HTTPS you will need to compile wget with lwIP support.

Legacy syntax
~~~~~~~~~~~~~

The legacy syntax is supported by the legacy network stack (CONFIG_NET=y)
as well as by the lwIP base network stack (CONFIG_NET_LWIP=y). It supports HTTP
only.

By default the destination port is 80 and the source port is pseudo-random.
On the legacy nework stack the environment variable *httpdstp* can be used to
set the destination port

address
    memory address for the data downloaded

host
    IP address (or host name if `CONFIG_DNS` is enabled) of the HTTP
    server, defaults to the value of environment variable *serverip*.

path
    path of the file to be downloaded.

New syntax (lwIP only)
~~~~~~~~~~~~~~~~~~~~~~

In addition to the syntax described above, wget accepts URLs if the network
stack is lwIP.

address
    memory address for the data downloaded

url
    HTTP or HTTPS URL, that is: http[s]://<host>[:<port>]/<path>.

The cacert (stands for 'Certification Authority certificates') subcommand is
used to provide root certificates for the purpose of HTTPS authentication. It
also allows to enable or disable authentication.

wget cacert <address> <size>

address
    memory address of the root certificates in X509 DER format

size
    the size of the root certificates

wget cacert none|optional|required

none
    certificate verification is disabled. HTTPS is used without any server
    authentication (unsafe)
optional
    certificate verification is enabled provided root certificates have been
    provided via wget cacert <addr> <size> or wget cacert builtin. Otherwise
    HTTPS is used without any server authentication (unsafe).
required
    certificate verification is mandatory. If no root certificates have been
    configured, HTTPS transfers will fail.


Examples
--------

Example with the legacy network stack
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In the example the following steps are executed:

* setup client network address
* download a file from the HTTP server

::

    => setenv autoload no
    => dhcp
    BOOTP broadcast 1
    *** Unhandled DHCP Option in OFFER/ACK: 23
    *** Unhandled DHCP Option in OFFER/ACK: 23
    DHCP client bound to address 192.168.1.105 (210 ms)
    => wget ${loadaddr} 192.168.1.254:/index.html
    HTTP/1.0 302 Found
    Packets received 4, Transfer Successful

Example with lwIP
~~~~~~~~~~~~~~~~~

In the example the following steps are executed:

* setup client network address
* download a file from the HTTPS server

::

   => dhcp
   DHCP client bound to address 10.0.2.15 (3 ms)
   => wget https://download.rockylinux.org/pub/rocky/9/isos/aarch64/Rocky-9.4-aarch64-minimal.iso
   ##########################################################################
   ##########################################################################
   ##########################################################################
   [...]
   1694892032 bytes transferred in 492181 ms (3.3 MiB/s)
   Bytes transferred = 1694892032 (65060000 hex)

Here is an example showing how to configure built-in root certificates as
well as providing some at run time. In this example it is assumed that
CONFIG_WGET_BUILTIN_CACERT_PATH=DigiCertTLSRSA4096RootG5.crt downloaded from
https://cacerts.digicert.com/DigiCertTLSRSA4096RootG5.crt.

::

   # Make sure IP is configured
   => dhcp
   # When built-in certificates are configured, authentication is mandatory
   # (i.e., "wget cacert required"). Use a test server...
   => wget https://digicert-tls-rsa4096-root-g5.chain-demos.digicert.com/
   1864 bytes transferred in 1 ms (1.8 MiB/s)
   Bytes transferred = 1864 (748 hex)
   # Another server not signed against Digicert will fail
   => wget https://www.google.com/

   HTTP client error 4
   Certificate verification failed
   # Disable authentication to allow the command to proceed anyways
   => wget cacert none
   => wget https://www.google.com/
   WARNING: no CA certificates, HTTPS connections not authenticated
   16683 bytes transferred in 15 ms (1.1 MiB/s)
   Bytes transferred = 16683 (412b hex)
   # Force verification but unregister the CA certificates
   => wget cacert required
   => wget cacert 0 0
   # Unsurprisingly, download fails
   => wget https://digicert-tls-rsa4096-root-g5.chain-demos.digicert.com/
   Error: cacert authentication mode is 'required' but no CA certificates given
   # Get the same certificates as above from the network
   => wget cacert none
   => wget https://cacerts.digicert.com/DigiCertTLSRSA4096RootG5.crt
   WARNING: no CA certificates, HTTPS connections not authenticated
   1386 bytes transferred in 1 ms (1.3 MiB/s)
   Bytes transferred = 1386 (56a hex)
   # Register them and force authentication
   => wget cacert $fileaddr $filesize
   => wget cacert required
   # Authentication is operational again
   => wget https://digicert-tls-rsa4096-root-g5.chain-demos.digicert.com/
   1864 bytes transferred in 1 ms (1.8 MiB/s)
   Bytes transferred = 1864 (748 hex)
   # The builtin certificates can be restored at any time
   => wget cacert builtin

Configuration
-------------

The command is only available if CONFIG_CMD_WGET=y.
To enable lwIP support set CONFIG_NET_LWIP=y. In this case, root certificates
support can be enabled via CONFIG_WGET_BUILTIN_CACERT=y
CONFIG_WGET_BUILTIN_CACERT_PATH=<some path> (for built-in certificates) and/or
CONFIG_WGET_CACERT=y (for the wget cacert command).

TCP Selective Acknowledgments in the legacy network stack can be enabled via
CONFIG_PROT_TCP_SACK=y. This will improve the download speed. Selective
Acknowledgments are enabled by default with lwIP.