NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
390b4e684b
kumquat-buildroot/package/pkg-download.mk
Yann E. MORIN c92be85e3a support/download: make the svn backend more reproducible 
Since c043ecb20c (support/download: change format of archives
generated from svn), the svn backend uses the generic helper to
create reproducible archives.

That helper really does its job as expected, but the svn backend
is flawed in two ways:

  - the first, most obvious breakage happens with versions older
    than 1.9, as they do not support the '--show-item' option
    for the 'info' action;

  - the second is more involved, in that svn will by default
    expand the old, legacy, deprecated, cumbersome CVS-style
    keywords, in the form of revision marks like '$Date$' in a
    C-style comment in a source file. These replacements are
    done on checkout as well as on export, and they use local
    settings, like the local locale and timezone.

    This means that two people with different settings, will get
    different sources when the svn-checkout or svn-export the same
    revision from the same tree...

    Needless to say that this is not very reproducible...

While the first is easily solved, the second is more involved.

We need to ensure that what source is used initially to compute
the hash, will also be the source that are used to check the hash.

There are basically two solutions:

 1. we ensure the same environment, by forcing the timezone and
    the locale to arbitrary values

 2. we disable keyword expansion

For the first solution, this still leaves the possibility that we
miss some environment settings that have an impact on the keyword
expansion. It would mean that Yann's settings be used, as he did
introduce the hash for the only svn-downloaded package we have,
avrdude, settings which are:
    TZ=Europe/Paris
    LC_TIME="en_US.UTF-8"
    LC_COLLATE="en_GB.UTF-8"
    LC_MONETARY="fr_FR.utf8"
    LC_NUMERIC="fr_FR.utf8"

The second option means that the generated archives change. That
means we'd have to bump the archive version for svn downloads, and
that we update the hashes for all the svn-downloaded packages.

We chose to go with the second option, because this is what really
makes more sense, rather than hard-coding arbitrary values in the
environment. And we also have only one svn-downloaded package,
avrdude.

And thus, we're reaching the trigger for this change: avrdude is
impacted by the CVS-keyword expansion issue:

    https://svn.savannah.gnu.org/viewvc/avrdude/trunk/avrdude/atmel-docs/EDBG/common/jquery/layout/jquery.layout.js?revision=1396&view=markup

which would give two different files when checked out on different
machines:

    diff -durN foo/avrdude-r1450/avrdude/atmel-docs/EDBG/common/jquery/layout/jquery.layout.js bar/avrdude-r1450/avrdude/atmel-docs/EDBG/common/jquery/layout/jquery.layout.js
    --- foo/avrdude-r1450/avrdude/atmel-docs/EDBG/common/jquery/layout/jquery.layout.js 2020-09-22 09:36:45.000000000 +0200
    +++ bar/avrdude-r1450/avrdude/atmel-docs/EDBG/common/jquery/layout/jquery.layout.js 2020-09-22 09:36:45.000000000 +0200
    @@ -1,6 +1,6 @@
     /**
      * @preserve jquery.layout 1.3.0 - Release Candidate 30.51
    - * $Date: 2015-11-02 22:13:28 +0100 (Mon, 02 Nov 2015) $
    + * $Date: 2015-11-02 21:13:28 +0000 (Mon, 02 Nov 2015) $
      * $Rev: 303005 $
      *
      * Copyright (c) 2012
    @@ -4718,7 +4718,7 @@

     /**
      * jquery.layout.state 1.0
    - * $Date: 2015-11-02 22:13:28 +0100 (Mon, 02 Nov 2015) $
    + * $Date: 2015-11-02 21:13:28 +0000 (Mon, 02 Nov 2015) $
      *
      * Copyright (c) 2010
      *   Kevin Dalman (http://allpro.net)
    @@ -5074,7 +5074,7 @@

     /**
      * jquery.layout.buttons 1.0
    - * $Date: 2015-11-02 22:13:28 +0100 (Mon, 02 Nov 2015) $
    + * $Date: 2015-11-02 21:13:28 +0000 (Mon, 02 Nov 2015) $
      *
      * Copyright (c) 2010
      *   Kevin Dalman (http://allpro.net)
    @@ -5356,7 +5356,7 @@

     /**
      * jquery.layout.browserZoom 1.0
    - * $Date: 2015-11-02 22:13:28 +0100 (Mon, 02 Nov 2015) $
    + * $Date: 2015-11-02 21:13:28 +0000 (Mon, 02 Nov 2015) $
      *
      * Copyright (c) 2012
      *   Kevin Dalman (http://allpro.net)

So we also update the hash for avrdude.

Fixes:
    http://autobuild.buildroot.org/results/e3b/e3b0508047f32008ebfa83c5255ec5994b6af120/ (time issue)
    http://autobuild.buildroot.org/results/48e/48e78e84b425e79cdb98c16ab40247a0fa7e9676/ (keyword expansion issue)

Reported-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Cc: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Reviewed-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-11 21:54:00 +01:00

123 lines
4.3 KiB
Makefile
Raw Blame History

################################################################################
#
# This file contains the download helpers for the various package
# infrastructures. It is used to handle downloads from HTTP servers,
# FTP servers, Git repositories, Subversion repositories, Mercurial
# repositories, Bazaar repositories, and SCP servers.
#
################################################################################
# Download method commands
export WGET := $(call qstrip,$(BR2_WGET))
export SVN := $(call qstrip,$(BR2_SVN))
export CVS := $(call qstrip,$(BR2_CVS))
export BZR := $(call qstrip,$(BR2_BZR))
export GIT := $(call qstrip,$(BR2_GIT))
export HG := $(call qstrip,$(BR2_HG))
export SCP := $(call qstrip,$(BR2_SCP))
export LOCALFILES := $(call qstrip,$(BR2_LOCALFILES))
# Version of the format of the archives we generate in the corresponding
# download backend:
BR_FMT_VERSION_git = -br1
BR_FMT_VERSION_svn = -br2
DL_WRAPPER = support/download/dl-wrapper
# DL_DIR may have been set already from the environment
ifeq ($(origin DL_DIR),undefined)
DL_DIR ?= $(call qstrip,$(BR2_DL_DIR))
ifeq ($(DL_DIR),)
DL_DIR := $(TOPDIR)/dl
endif
else
# Restore the BR2_DL_DIR that was overridden by the .config file
BR2_DL_DIR = $(DL_DIR)
endif
# ensure it exists and a absolute path, derefrecing symlinks
DL_DIR := $(shell mkdir -p $(DL_DIR) && cd $(DL_DIR) >/dev/null && pwd -P)
#
# URI scheme helper functions
# Example URIs:
# * http://www.example.com/dir/file
# * scp://www.example.com:dir/file (with domainseparator :)
#
# geturischeme: http
geturischeme = $(firstword $(subst ://, ,$(call qstrip,$(1))))
# getschemeplusuri: git|parameter+http://example.com
getschemeplusuri = $(call geturischeme,$(1))$(if $(2),\|$(2))+$(1)
# stripurischeme: www.example.com/dir/file
stripurischeme = $(lastword $(subst ://, ,$(call qstrip,$(1))))
# domain: www.example.com
domain = $(firstword $(subst $(call domainseparator,$(2)), ,$(call stripurischeme,$(1))))
# notdomain: dir/file
notdomain = $(patsubst $(call domain,$(1),$(2))$(call domainseparator,$(2))%,%,$(call stripurischeme,$(1)))
#
# default domainseparator is /, specify alternative value as first argument
domainseparator = $(if $(1),$(1),/)
# github(user,package,version): returns site of GitHub repository
github = https://github.com/$(1)/$(2)/archive/$(3)
# Expressly do not check hashes for those files
# Exported variables default to immediately expanded in some versions of
# make, but we need it to be recursively-epxanded, so explicitly assign it.
export BR_NO_CHECK_HASH_FOR =
################################################################################
# DOWNLOAD_URIS - List the candidates URIs where to get the package from:
# 1) BR2_PRIMARY_SITE if enabled
# 2) Download site, unless BR2_PRIMARY_SITE_ONLY is set
# 3) BR2_BACKUP_SITE if enabled, unless BR2_PRIMARY_SITE_ONLY is set
#
# Argument 1 is the source location
# Argument 2 is the upper-case package name
#
################################################################################
ifneq ($(call qstrip,$(BR2_PRIMARY_SITE)),)
DOWNLOAD_URIS += \
$(call getschemeplusuri,$(call qstrip,$(BR2_PRIMARY_SITE)/$($(2)_DL_SUBDIR)),urlencode) \
$(call getschemeplusuri,$(call qstrip,$(BR2_PRIMARY_SITE)),urlencode)
endif
ifeq ($(BR2_PRIMARY_SITE_ONLY),)
DOWNLOAD_URIS += \
$(patsubst %/,%,$(dir $(call qstrip,$(1))))
ifneq ($(call qstrip,$(BR2_BACKUP_SITE)),)
DOWNLOAD_URIS += \
$(call getschemeplusuri,$(call qstrip,$(BR2_BACKUP_SITE)/$($(2)_DL_SUBDIR)),urlencode) \
$(call getschemeplusuri,$(call qstrip,$(BR2_BACKUP_SITE)),urlencode)
endif
endif
################################################################################
# DOWNLOAD -- Download helper. Will call DL_WRAPPER which will try to download
# source from the list returned by DOWNLOAD_URIS.
#
# Argument 1 is the source location
# Argument 2 is the upper-case package name
#
################################################################################
define DOWNLOAD
$(Q)mkdir -p $($(2)_DL_DIR)
$(Q)$(EXTRA_ENV) $($(2)_DL_ENV) \
flock $($(2)_DL_DIR)/.lock $(DL_WRAPPER) \
-c '$($(2)_DL_VERSION)' \
-d '$($(2)_DL_DIR)' \
-D '$(DL_DIR)' \
-f '$(notdir $(1))' \
-H '$($(2)_HASH_FILE)' \
-n '$($(2)_BASENAME_RAW)' \
-N '$($(2)_RAWNAME)' \
-o '$($(2)_DL_DIR)/$(notdir $(1))' \
$(if $($(2)_GIT_SUBMODULES),-r) \
$(foreach uri,$(call DOWNLOAD_URIS,$(1),$(2)),-u $(uri)) \
$(QUIET) \
-- \
$($(2)_DL_OPTS)
endef
Reference in New Issue View Git Blame Copy Permalink