From d9c66f3e82eab3931a66295cbae8e077a4e79afd Mon Sep 17 00:00:00 2001 
From: casperklein Date: Wed, 19 Jun 2024 01:29:44 +0200 Subject: [PATCH] =?UTF-8?q?remove=20-k=20from=20curl=20option=20=20=20=20?= =?UTF-8?q?=20=20=20=20-k,=20--insecure=20=20=20=20=20=20=20=20=20=20=20?= =?UTF-8?q?=20=20=20=20(TLS=20SFTP=20SCP)=20By=20default,=20every=20secure?= =?UTF-8?q?=20connection=20curl=20makes=20is=20=20=20=20=20=20=20=20=20=20?= =?UTF-8?q?=20=20=20=20=20verified=20to=20be=20secure=20before=20the=20tra?= =?UTF-8?q?nsfer=20takes=20place.=20This=20=20op=E2=80=90=20=20=20=20=20?= =?UTF-8?q?=20=20=20=20=20=20=20=20=20=20tion=20=20makes=20=20curl=20skip?= =?UTF-8?q?=20the=20verification=20step=20and=20proceed=20without=20=20=20?= =?UTF-8?q?=20=20=20=20=20=20=20=20=20=20=20=20checking.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When this option is not used for protocols using TLS, curl veri‐ fies the server's TLS certificate before it continues: that the certificate contains the right name which matches the host name used in the URL and that the certificate has been signed by a CA certificate present in the cert store. See this online resource for further details: https://curl.se/docs/sslcerts.html For SFTP and SCP, this option makes curl skip the known_hosts verification. known_hosts is a file normally stored in the user's home directory in the ".ssh" subdirectory, which contains host names and their public keys. WARNING: using this option makes the transfer insecure. When curl uses secure protocols it trusts responses and allows for example HSTS and Alt-Svc information to be stored and used subsequently. Using -k, --insecure can make curl trust and use such information from malicious servers. Providing -k, --insecure multiple times has no extra effect. Disable it again with --no-insecure. Example: curl --insecure https://example.com See also --proxy-insecure, --cacert and --capath. --- target/scripts/build/packages.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/target/scripts/build/packages.sh b/target/scripts/build/packages.sh
index 004c3b8c..4469f508 100644
--- a/target/scripts/build/packages.sh
+++ b/target/scripts/build/packages.sh
@@ -189,8 +189,8 @@ function _install_fail2ban() {
 gpg --keyserver "${FAIL2BAN_GPG_PUBLIC_KEY_SERVER}" --recv-keys "${FAIL2BAN_GPG_PUBLIC_KEY_ID}" 2>&1
- curl -Lkso fail2ban.deb "${FAIL2BAN_DEB_URL}"
- curl -Lkso fail2ban.deb.asc "${FAIL2BAN_DEB_ASC_URL}"
+ curl -fsSLo fail2ban.deb "${FAIL2BAN_DEB_URL}"
+ curl -fsSLo fail2ban.deb.asc "${FAIL2BAN_DEB_ASC_URL}"
 FINGERPRINT=$(LANG=C gpg --verify fail2ban.deb.asc fail2ban.deb |& sed -n 's#Primary key fingerprint: \(.*\)#\1#p')
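Review bot: Both new `curl -fsSLo` calls still follow redirects with `-L` and put no restriction on the scheme, so a redirect hop to plain `http://` would be accepted even though certificate verification is now enabled. Pinning the scheme closes that gap: `curl --proto '=https' -fsSLo fail2ban.deb "${FAIL2BAN_DEB_URL}"`, and the same for the `.asc` download. A short comment above the two lines, such as `# TLS is verified here; package integrity still rests on the GPG fingerprint check below`, would record why both layers are kept. With `-f` an HTTP error now yields a non-zero exit, but whether that stops the build depends on the script's errexit setting, which is outside this hunk, as is the rest of `_install_fail2ban`.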