From 9ebbfeff38770876e48a4d38741dd9fffc001a42 Mon Sep 17 00:00:00 2001
From: Kilian Zinnecker
Date: Wed, 6 Dec 2023 20:25:27 +0100
Subject: [PATCH] configs/rock5b: add hash for custom kernel

Commit d344ffe6245b (configs/rock5b: add hash for custom uboot) explicitly noted that the kernel was retrieved from a git-clone, so the sha1 of the commit was enough to get what we expect.

However, that does not account for the fact that the upstream repository can disappear or be temporarily unavailable (maliciously or not). In that case, the kernel archive will be looked up on the backup mirror. In that case, the download is via wget over https, which protects the transport, but does not guarantee that the remote server serves the expected archive.

The hash file was dropped when d344ffe6245b was applied; restore it.

Since the defconfig now has hashes for all its downloads, enforce checking hashes.

Signed-off-by: Kilian Zinnecker
Signed-off-by: Yann E. MORIN
--- board/radxa/rock5b/patches/linux/linux.hash | 2 ++ configs/rock5b_defconfig | 1 + 2 files changed, 3 insertions(+) create mode 100644 board/radxa/rock5b/patches/linux/linux.hash diff --git a/board/radxa/rock5b/patches/linux/linux.hash b/board/radxa/rock5b/patches/linux/linux.hash new file mode 100644 index 0000000000..95ad749554 --- /dev/null +++ b/board/radxa/rock5b/patches/linux/linux.hash @@ -0,0 +1,2 @@ +# Locally calculated +sha256 a5eca7b8f929a1918125e2e4fbd7ab4ea5b3910b5ae4547e81c794b47373ffb5 linux-52f51a2b5ba178f331af62260d2da86d7472c14b-br1.tar.gz diff --git a/configs/rock5b_defconfig b/configs/rock5b_defconfig index eed656ef5f..2e72b386b1 100644 --- a/configs/rock5b_defconfig +++ b/configs/rock5b_defconfig @@ -6,6 +6,7 @@ BR2_ROOTFS_POST_SCRIPT_ARGS="" BR2_TARGET_GENERIC_HOSTNAME="rock5b" BR2_TARGET_GENERIC_ISSUE="Welcome to the rock5b board" BR2_GLOBAL_PATCH_DIR="board/radxa/rock5b/patches" +BR2_DOWNLOAD_FORCE_CHECK_HASHES=y BR2_SYSTEM_DHCP="eth0" BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_GIT=y
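Review bot: The "# Locally calculated" comment in linux.hash does not say what the sha256 was calculated from, and that matters here because the commit message makes this hash the only check on an archive served by the backup mirror. Please state in the comment that the value was computed over the tarball generated from a git clone of commit 52f51a2b5ba178f331af62260d2da86d7472c14b (the id embedded in the archive name) and not over a copy fetched from a mirror, so a later reader can reproduce it from the upstream repository. If the kernel commit in the defconfig is bumped, this line has to change with it, since both the file name and the digest are tied to that commit.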
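Review bot: The added BR2_DOWNLOAD_FORCE_CHECK_HASHES=y line in rock5b_defconfig relies on the commit message's claim that every download of this defconfig now has a hash, but the visible context only shows the custom git kernel, so the claim cannot be checked from this hunk. Please confirm with a build from an empty download directory that no package fails for a missing hash, in particular the custom uboot covered by d344ffe6245b, and mention that test in the commit message. Placing the option directly after BR2_GLOBAL_PATCH_DIR is sensible, since that directory is where the new linux.hash lives.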