Commit Graph

19 Commits

Author SHA1 Message Date
Emery Hemingway
80b3994500 prepare_port: prefer SHA256 file verification
SHA1 is susceptible to collision attacks and is generally deprecated.
Source code archives are particularly vulnerable because the hash digest
can be tweaked by hiding by arbitrary data in code comments and files
not processed during build.

With this in mind the 'prepare_port' tool now attempts to verify digests
as SHA256 with a fallback to SHA1. When CHECK_HASH=no is set the tool
will refuse to verify digests as SHA1. The use of SHA1 for creating
unique port versions is retained because the hashes are produced locally
from inputs stored in a git history.

Issue #2767
2018-05-03 15:31:19 +02:00
Emery Hemingway
c3b483d12a Prepate_port: create directories when downloading bare files
Ref #2718
2018-03-27 13:44:27 +02:00
Christian Helmuth
65b2e63bb9 Ensure stable sorting order in tools
This eliminates certain surprises with port contents and depot hashes.
2017-11-06 13:57:25 +01:00
Emery Hemingway
812a0c9eed tool/ports: bare tarball support
Ref #2467
2017-08-30 09:59:57 +02:00
Martin Stein
abc80b7782 prepare_port sel4: check required python modules
This prevents undescriptive errors when building sel4.

Ref #2490
2017-08-28 16:49:36 +02:00
Christian Helmuth
cc78f0b20c tool: second try on failing check of file-based port
We call curl a second time if the first check fails. This gives download
sites time to reconsider their response and helps, for example, to check
the qemu-usb port.
2017-03-15 12:24:44 +01:00
Martin Stein
992a5ec1ae prepare_port: prefix git clone output
To raise readability when preparing multiple ports in parallel we prefix
also the git clone output with the port name dark-yellow-coloured. To
achieve this we sed the git output. In sed \x1b[ resolves to an escape
sequence and \033[, that we use normally, doesn't. The echo command, at
the other hand, resolves both to an escape sequence. Thus we use the
sed-compatible version in general. This commit inhibits the progress
output of git clone as it can't be redirected to sed.

Ref #1872
2016-03-07 12:34:43 +01:00
Martin Stein
b039608e95 prepare_port: prepare multiple ports at once
The tool/prepare_port tool is now able to handle a list of ports that
shall be prepared. Additionally, one may state the number of ports that
shall be prepared in parallel at a max by using the -j parameter. If -j
is not set by the user, the tool acts as with -j1. The previous
implementation of the tool that prepares only a single port was moved to
tool/ports/mk/prepare_single_port.mk and acts as back end to the new
prepare_port tool. The interface of the new prepare_port tool is
backwards compatible. When called for one port only, the behavior is the
same as when calling tool/ports/mk/prepare_single_port.mk directly.

Removes "usage" rule from prepare_single_port.mk. Removes shebang line
from prepare_single_port.mk.

Ref #1872
2016-03-07 12:34:43 +01:00
Christian Helmuth
0ef20f7ece tool/ports: curl timeout and retry in check.mk 2015-04-09 16:04:47 +02:00
Stefan Kalkowski
684ce272e6 tool/ports: add tool to check source availability
The 'check_port_source' checks whether all remote sources defined for a given
port are currently available. It returns zero, when all remote resources are
available.

Fix #1430
2015-03-19 08:57:18 +01:00
Christian Helmuth
e479b9e8e8 ports: also hash patches with absolute path names
Fixes #1305
2015-01-27 12:17:53 +01:00
Emery Hemingway
e4ac1f99ed tool/ports: run unzip with UNZIP_OPT
The patch supports both, a download-specific UNZIP_OPT(download) and a
general UNZIP_OPT that can be defined across downloads.
UNZIP_OPT(download) overrides UNZIP_OPT.

Note, the `--strip-components=1` argument is not required for unzip.

Issue #1357
2015-01-20 11:23:52 +01:00
Christian Helmuth
11a513ac63 prepare_port: disable certificate checking in wget
Some downloads are available via HTTPS only, but wget < 3.14 does not
support server-name identification, which is used by some sites. So, we
disable certificate checking in wget and check the validity of the
download via SIG or SHA.

Fixes #1334.
2015-01-06 12:39:11 +01:00
Christian Helmuth
1a718a7770 prepare_port: log download errors explicitly 2014-11-20 17:06:41 +01:00
Christian Prochaska
c41a102bc4 Add 'check_tool' function to new ports mechanism
Fixes #1254.
2014-10-10 13:02:30 +02:00
Christian Helmuth
f442e64eaf prepare_port: log target when extracting archives
Fixes #1224.
2014-08-15 10:19:49 +02:00
Norman Feske
6d3a41a95c tool: Sort patches when generating port hashes
Issue #1082
2014-06-02 11:31:50 +02:00
Norman Feske
acf00c29c3 Add 'update_hash' and 'list' to tool/ports
Issue #1082
2014-05-27 13:45:03 +02:00
Norman Feske
a128b40f03 Tool for preparing a single 3rd-party port
Issue #1082
2014-05-27 11:14:42 +02:00