Entware installation broken (403) + concerns about dependency design and supply chain risk

[iRomanyshyn]

Hi,

I ran into an issue with Entware while using the helper script on a K1-series printer.

1. Broken fallback source (403)

The script uses openk1.org as a fallback source:

https://www.openk1.org/static/entware/mipselsf-k3.4/installer/opkg.conf

This endpoint currently returns 403 Forbidden, and the downloaded file becomes an HTML error page instead of a valid config:

cat /opt/etc/opkg.conf

Actual content received:

<HTML>
<HEAD>
<TITLE>403 Forbidden</TITLE>
...
</HTML>

As a result:

• opkg becomes unusable
• Entware installation is effectively broken
• The helper script reports success, but the environment is not functional

2. Primary source is unreliable in practice

The script also relies on:

https://bin.entware.net/mipselsf-k3.4/installer/opkg.conf

While this endpoint technically works, it resolves to the infrastructure behind yacloud.entware.net.

In practice, such IP ranges are frequently blocked or filtered in many environments due to ongoing abuse and attack traffic. This makes the installation unreliable, depending on network policies and location.

3. Broader issue: dependency design

Beyond availability issues, the larger concern is the dependency itself.

Entware appears to be maintained outside of this project, with limited transparency, an unclear trust model, and no built-in safeguards (mirrors, verification, redundancy).

This creates multiple risks:

• Single external dependency with no fallback
• No integrity verification (checksums/signatures)
• Potential supply chain exposure
• Non-deterministic behavior depending on the network environment

4. Recommendation

Instead of replacing one repository with another, it may be better to reconsider the dependency entirely:

• Make Entware optional (currently, it's required for git backup)
• Remove it from the critical path of the helper script
• Replace it with a more transparent and maintainable approach if possible
• Or, at least, clearly document its risks and limitations

Most Klipper-related functionality (Moonraker, Mainsail/Fluidd, KAMP, macros, etc.) works perfectly without Entware, so this dependency is not strictly required and currently adds instability.

Let me know if logs or additional details are needed.

Thanks.