buildroot/support/download
Yann E. MORIN f91e89b6e6 support/download: teach dl-wrapper to handle more than one hash file
Currently, we expect and only use hash files that lie within the package
directory, alongside the .mk file. Those hash files are thus bundled
with Buildroot.

This implies that only what's known to Buildroot can ever get into those
hash files. For packages where the version is fixed (or a static
choice), then we can carry hashes for those known versions.

However, we do have a few packages for which the version is a free-form
entry, where the user can provide a custom location and/or version. like
a custom VCS tree and revision, or a custom tarball URL. This means that
Buildroot has no way to be able to cary hashes for such custom versions.

This means that there is no integrity check that what was downloaded is
what was expected. For a sha1 in a git tree, this is a minor issue,
because the sha1 by itself is already a hash of the expected content.
But for custom tarballs URLs, or for a tag in a VCS, there is indeed no
integrity check.

Buildroot can't provide such hashes, but interested users may want to
provide those, and currently there is no (easy) way to do so.

So, we need our download helpers to be able to accept more than one hash
file to lookup for hashes.

Extend the dl-wrapper and the check-hash helpers thusly, and update the
legal-info accordingly.

Note that, to be able to pass more than one hash file, we also need to
re-order the arguments passed to support/download/check-hash, which also
impies some shuffling in the three places it is called:
  - 2 in dl-wrapper
  - 1 in the legal-info infra

That in turn also requires that the legal-license-file macro args get
re-ordered to have the hash file last; we take the opportunity to also
move the HOST/TARGET arg to be first, like in the other legal-info
macros.

Reported-by: "Martin Zeiser (mzeiser)" <mzeiser@cisco.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-07 11:48:45 +01:00
..
bzr support/download: fix git/svn corrupted cache 2021-03-19 21:22:59 +01:00
cargo-post-process support/download: fix the cargo post-process in face of failed vendoring 2023-02-12 09:39:19 +01:00
check-hash support/download: teach dl-wrapper to handle more than one hash file 2023-11-07 11:48:45 +01:00
cvs support/download: fix git/svn corrupted cache 2021-03-19 21:22:59 +01:00
dl-wrapper support/download: teach dl-wrapper to handle more than one hash file 2023-11-07 11:48:45 +01:00
file support/download: fix git/svn corrupted cache 2021-03-19 21:22:59 +01:00
git support/download/git: fix shellcheck errors 2023-09-14 23:02:20 +02:00
go-post-process support/download/go-post-process: drop -o pipefail 2022-01-09 11:07:37 +01:00
helpers support/download: generate even more reproducible tarballs 2023-09-14 23:02:07 +02:00
hg support/download/hg: fix broken method 2021-04-28 21:51:10 +02:00
scp support/download: fix git/svn corrupted cache 2021-03-19 21:22:59 +01:00
sftp support/download: Add SFTP support 2022-01-06 09:34:05 +01:00
svn support/download: add support to exclude svn externals 2023-08-06 16:35:52 +02:00
wget support/download: fix git/svn corrupted cache 2021-03-19 21:22:59 +01:00