Currently it's assumed, that already downloaded tarballs are always
fine, so no checksum checking is performed and the tarball is used even
if it might be corrupted.
From now on, we're going to always check the downloaded tarballs before
considering them valid.
Steps to reproduce:
1. Remove cached tarball
rm dl/libubox-2020-08-06-9e52171d.tar.xz
2. Download valid tarball again
make package/libubox/download
3. Invalidate the tarball
sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/'
package/libs/libubox/Makefile
4. Now compile with corrupt tarball source
make package/libubox/{clean,compile}
Signed-off-by: Petr Štetiar <[email protected]>
(cherry picked from commit 4e19cbc553350b8146985367ba46514cf50e3393)
---
include/host-build.mk | 2 ++
include/package.mk | 2 ++
scripts/download.pl | 18 ++++++++++++++++++
3 files changed, 22 insertions(+)
diff --git a/include/host-build.mk b/include/host-build.mk
index 827ea6bbfb1b..79a9b1f8d605 100644
--- a/include/host-build.mk
+++ b/include/host-build.mk
@@ -184,6 +184,8 @@ ifndef DUMP
clean-build: host-clean-build
endif
+ $(DL_DIR)/$(FILE): FORCE
+
$(_host_target)host-prepare: $(HOST_STAMP_PREPARED)
$(_host_target)host-configure: $(HOST_STAMP_CONFIGURED)
$(_host_target)host-compile: $(HOST_STAMP_BUILT) $(HOST_STAMP_INSTALLED)
diff --git a/include/package.mk b/include/package.mk
index c541f6edf7a9..f6aa5ea8d03d 100644
--- a/include/package.mk
+++ b/include/package.mk
@@ -185,6 +185,8 @@ define Build/CoreTargets
$(call Build/Autoclean)
$(call DefaultTargets)
+ $(DL_DIR)/$(FILE): FORCE
+
download:
$(foreach hook,$(Hooks/Download),
$(call $(hook))$(sep)
diff --git a/scripts/download.pl b/scripts/download.pl
index 5739c20ceae9..c1623bf91fe0 100755
--- a/scripts/download.pl
+++ b/scripts/download.pl
@@ -263,6 +263,24 @@ foreach my $mirror (@ARGV) {
push @mirrors, 'https://sources.openwrt.org';
push @mirrors, 'https://mirror2.openwrt.org/sources';
+if (-f "$target/$filename") {
+ $hash_cmd and do {
+ if (system("cat '$target/$filename' | $hash_cmd >
'$target/$filename.hash'")) {
+ die "Failed to generate hash for $filename\n";
+ }
+
+ my $sum = `cat "$target/$filename.hash"`;
+ $sum =~ /^(\w+)\s*/ or die "Could not generate file hash\n";
+ $sum = $1;
+
+ exit 0 if $sum eq $file_hash;
+
+ die "Hash of the local file $filename does not match (file:
$sum, requested: $file_hash) - deleting download.\n";
+ unlink "$target/$filename";
+ cleanup();
+ };
+}
+
while (!-f "$target/$filename") {
my $mirror = shift @mirrors;
$mirror or die "No more mirrors to try - giving up.\n";
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
