kumquat-buildroot

NetCube-Systems-Austria/kumquat-buildroot

Fork 0

Commit Graph

Author	SHA1	Message	Date
Peter Korsgaard	4984d0f230	utils/add-custom-hashes: add script to manage global patch dir hashes Add a script to manage the .hash files in the BR2_GLOBAL_PATCH_DIR for packages using custom versions. To use it, run in a configured Buildroot directory, E.G. make foo_defconfig; ./utils/add-custom-hashes We support multiple patch directories in BR2_GLOBAL_PATCH_DIR. If multiple directories are specified then use the last one as that is likely to be the most specific one. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> [Peter: silence command -v invocation] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2023-11-12 11:59:27 +01:00
Yann E. MORIN	5d36710e36	package/pkg-download: lookup hash files in global-patch-dir Currently, we expect and only use hash files that lie within the package directory, alongside the .mk file. Those hash files are thus bundled with Buildroot. This implies that only what's known to Buildroot can ever get into those hash files. For packages where the version is fixed (or a static choice), then we can carry hashes for those known versions. However, we do have a few packages for which the version is a free-form entry, where the user can provide a custom location and/or version. like a custom VCS tree and revision, or a custom tarball URL. This means that Buildroot has no way to be able to cary hashes for such custom versions. This means that there is no integrity check that what was downloaded is what was expected. For a sha1 in a git tree, this is a minor issue, because the sha1 by itself is already a hash of the expected content. But for custom tarballs URLs, or for a tag in a VCS, there is indeed no integrity check. Buildroot can't provide such hashes, but interested users may want to provide those, and currently there is no (easy) way to do so. We leverage the existing global-patch-dir mechanism to look for extra hash files. We use the same heuristic that is used for bundled hash files, and for each global patch directory <dir>, we use the first file to exist among: 1. look into <dir>/<package>/<version>/<package>.hash 2. look into <dir>/<package>/<package>.hash Reported-by: "Martin Zeiser (mzeiser)" <mzeiser@cisco.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2023-11-07 11:48:46 +01:00
Francois Perrad	32cec3be97	docs/manual: rename .txt as .adoc by using this standard extension `adoc`, these files are rendered on gitlab & github Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>	2023-09-30 10:25:22 +02:00

Author

SHA1

Message

Date

Peter Korsgaard

4984d0f230

utils/add-custom-hashes: add script to manage global patch dir hashes

Add a script to manage the .hash files in the BR2_GLOBAL_PATCH_DIR for
packages using custom versions.

To use it, run in a configured Buildroot directory, E.G.

  make foo_defconfig; ./utils/add-custom-hashes

We support multiple patch directories in BR2_GLOBAL_PATCH_DIR.  If multiple
directories are specified then use the last one as that is likely to be the
most specific one.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: silence command -v invocation]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

2023-11-12 11:59:27 +01:00

Yann E. MORIN

5d36710e36

package/pkg-download: lookup hash files in global-patch-dir

Currently, we expect and only use hash files that lie within the package
directory, alongside the .mk file. Those hash files are thus bundled
with Buildroot.

This implies that only what's known to Buildroot can ever get into those
hash files. For packages where the version is fixed (or a static
choice), then we can carry hashes for those known versions.

However, we do have a few packages for which the version is a free-form
entry, where the user can provide a custom location and/or version.  like
a custom VCS tree and revision, or a custom tarball URL. This means that
Buildroot has no way to be able to cary hashes for such custom versions.

This means that there is no integrity check that what was downloaded is
what was expected. For a sha1 in a git tree, this is a minor issue,
because the sha1 by itself is already a hash of the expected content.
But for custom tarballs URLs, or for a tag in a VCS, there is indeed no
integrity check.

Buildroot can't provide such hashes, but interested users may want to
provide those, and currently there is no (easy) way to do so.

We leverage the existing global-patch-dir mechanism to look for extra
hash files. We use the same heuristic that is used for bundled hash
files, and for each global patch directory <dir>, we use the first file
to exist among:
 1. look into <dir>/<package>/<version>/<package>.hash
 2. look into <dir>/<package>/<package>.hash

Reported-by: "Martin Zeiser (mzeiser)" <mzeiser@cisco.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

2023-11-07 11:48:46 +01:00

Francois Perrad

32cec3be97

docs/manual: rename *.txt as *.adoc

by using this standard extension `adoc`,
these files are rendered on gitlab & github

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

2023-09-30 10:25:22 +02:00

3 Commits