Commit Graph

13 Commits

Author SHA1 Message Date
Emery Hemingway
80b3994500 prepare_port: prefer SHA256 file verification
SHA1 is susceptible to collision attacks and is generally deprecated.
Source code archives are particularly vulnerable because the hash digest
can be tweaked by hiding by arbitrary data in code comments and files
not processed during build.

With this in mind the 'prepare_port' tool now attempts to verify digests
as SHA256 with a fallback to SHA1. When CHECK_HASH=no is set the tool
will refuse to verify digests as SHA1. The use of SHA1 for creating
unique port versions is retained because the hashes are produced locally
from inputs stored in a git history.

Issue #2767
2018-05-03 15:31:19 +02:00
Emery Hemingway
c3b483d12a Prepate_port: create directories when downloading bare files
Ref #2718
2018-03-27 13:44:27 +02:00
Emery Hemingway
812a0c9eed tool/ports: bare tarball support
Ref #2467
2017-08-30 09:59:57 +02:00
Martin Stein
abc80b7782 prepare_port sel4: check required python modules
This prevents undescriptive errors when building sel4.

Ref #2490
2017-08-28 16:49:36 +02:00
Martin Stein
992a5ec1ae prepare_port: prefix git clone output
To raise readability when preparing multiple ports in parallel we prefix
also the git clone output with the port name dark-yellow-coloured. To
achieve this we sed the git output. In sed \x1b[ resolves to an escape
sequence and \033[, that we use normally, doesn't. The echo command, at
the other hand, resolves both to an escape sequence. Thus we use the
sed-compatible version in general. This commit inhibits the progress
output of git clone as it can't be redirected to sed.

Ref #1872
2016-03-07 12:34:43 +01:00
Martin Stein
b039608e95 prepare_port: prepare multiple ports at once
The tool/prepare_port tool is now able to handle a list of ports that
shall be prepared. Additionally, one may state the number of ports that
shall be prepared in parallel at a max by using the -j parameter. If -j
is not set by the user, the tool acts as with -j1. The previous
implementation of the tool that prepares only a single port was moved to
tool/ports/mk/prepare_single_port.mk and acts as back end to the new
prepare_port tool. The interface of the new prepare_port tool is
backwards compatible. When called for one port only, the behavior is the
same as when calling tool/ports/mk/prepare_single_port.mk directly.

Removes "usage" rule from prepare_single_port.mk. Removes shebang line
from prepare_single_port.mk.

Ref #1872
2016-03-07 12:34:43 +01:00
Emery Hemingway
e4ac1f99ed tool/ports: run unzip with UNZIP_OPT
The patch supports both, a download-specific UNZIP_OPT(download) and a
general UNZIP_OPT that can be defined across downloads.
UNZIP_OPT(download) overrides UNZIP_OPT.

Note, the `--strip-components=1` argument is not required for unzip.

Issue #1357
2015-01-20 11:23:52 +01:00
Christian Helmuth
11a513ac63 prepare_port: disable certificate checking in wget
Some downloads are available via HTTPS only, but wget < 3.14 does not
support server-name identification, which is used by some sites. So, we
disable certificate checking in wget and check the validity of the
download via SIG or SHA.

Fixes #1334.
2015-01-06 12:39:11 +01:00
Christian Helmuth
1a718a7770 prepare_port: log download errors explicitly 2014-11-20 17:06:41 +01:00
Christian Prochaska
c41a102bc4 Add 'check_tool' function to new ports mechanism
Fixes #1254.
2014-10-10 13:02:30 +02:00
Christian Helmuth
f442e64eaf prepare_port: log target when extracting archives
Fixes #1224.
2014-08-15 10:19:49 +02:00
Norman Feske
acf00c29c3 Add 'update_hash' and 'list' to tool/ports
Issue #1082
2014-05-27 13:45:03 +02:00
Norman Feske
a128b40f03 Tool for preparing a single 3rd-party port
Issue #1082
2014-05-27 11:14:42 +02:00