author: Yann E. MORIN <yann.morin.1998@free.fr> 2014-12-11 23:52:07 +0100
committer: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2014-12-11 23:59:25 +0100
commit: 9b88c604843ee176bb82d3d2185b0663837920e5
tree: b89f5155bff5eb4c9f7ed109925dee3fbae2d157 /support/download/dl-wrapper
parent: 2685937e06d6ede44b88b223e02b38b3ff66a53c
pkg-download: verify the hashes from the download wrapper

Instead of repeating the check in our download rules, delegate the check of the hashes to the download wrapper.

This needs three different changes:

  - add a new argument to the download wrapper, that is the full path to the hash file; if the hash file does not exist, that does not change the current behaviour, as the existence of the hash file is checked for in the check-hash script;

  - add a third argument to the check-hash script, to be the basename of the file to check; this is required because we no longer check the final file with the final filename, but an intermediate file with a temporary filename;

  - do the actual call to the check-hash script from within the download wrapper.

This further paves the way to doing pre-download checks of the hashes for the locally cached files.

Note: this patch removes the check for hashes for already downloaded files, since the wrapper script exits early. The behaviour to check locally cached files will be restored and enhanced in the following patch.

[Thomas: fix minor typo in comment.]

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Diffstat (limited to 'support/download/dl-wrapper')
-rwxr-xr-x support/download/dl-wrapper 19
1 files changed, 17 insertions, 2 deletions
diff --git a/support/download/dl-wrapper b/support/download/dl-wrapper
index dc5b4b08db..f0cdd735b4 100755
--- a/support/download/dl-wrapper
+++ b/support/download/dl-wrapper
@@ -21,14 +21,15 @@ set -e
main() {
local OPT OPTARG
- local backend output
+ local backend output hfile
# Parse our options; anything after '--' is for the backend
- while getopts :hb:o: OPT; do
+ while getopts :hb:o:H: OPT; do
case "${OPT}" in
h) help; exit 0;;
b) backend="${OPTARG}";;
o) output="${OPTARG}";;
+ H) hfile="${OPTARG}";;
:) error "option '%s' expects a mandatory argument\n" "${OPTARG}";;
\?) error "unknown option '%s'\n" "${OPTARG}";;
esac
@@ -42,6 +43,9 @@ main() {
if [ -z "${output}" ]; then
error "no output specified, use -o\n"
fi
+ if [ -z "${hfile}" ]; then
+ error "no hash-file specified, use -H\n"
+ fi
# If the output file already exists, do not download it again
if [ -e "${output}" ]; then
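Review bot: The context line right after the new -H test ('If the output file already exists, do not download it again') still returns before any hash check runs, so with the check removed from the download rules a file that is already present in the download directory is accepted without verification. The commit message acknowledges this and defers the fix to the following patch; since that leaves a window in which cached archives are trusted blindly, I would either apply the two patches together or keep the check in the download rules until the follow-up lands. Separately, the new test makes -H mandatory, which fails closed for any caller that was not updated to pass it; that is the right default, but it is worth saying so in the commit message.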
@@ -75,6 +79,13 @@ main() {
# cd back to free the temp-dir, so we can remove it later
cd "${OLDPWD}"
+ # Check if the downloaded file is sane, and matches the stored hashes
+ # for that file
+ if ! support/download/check-hash "${hfile}" "${tmpf}" "${output##*/}"; then
+ rm -rf "${tmpd}"
+ exit 1
+ fi
+
# tmp_output is in the same directory as the final output, so we can
# later move it atomically.
tmp_output="$(mktemp "${output}.XXXXXX")"
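Review bot: The call to support/download/check-hash uses a path relative to the current directory, so after the cd back to OLDPWD it only resolves when the wrapper was started from the top of the Buildroot tree; started from anywhere else, the command is not found, the 'if !' branch is taken and the download is rejected with no hint as to why. Suggest resolving the script relative to the wrapper's own location, for example "${0%/*}/check-hash". Placing the check before the mktemp and move is good, since an unverified file never appears under its final name. Note also that, per the commit message, check-hash treats a missing hash file as "nothing to check", so a zero exit status here does not distinguish "verified" from "no hashes available"; a mistyped -H path would silently skip verification.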
@@ -150,6 +161,10 @@ DESCRIPTION
-o FILE
Store the downloaded archive in FILE.
+ -H FILE
+ Use FILE to read hashes from, and check them against the downloaded
+ archive.
+
Exit status:
0 if OK
!0 in case of error
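Review bot: The -H help entry does not mention that the option is now mandatory (the wrapper stops with 'no hash-file specified, use -H' when it is absent), nor what happens when FILE does not exist, which according to the commit message leaves the current behaviour unchanged, meaning no hash is enforced. Suggest documenting both, and stating under 'Exit status' that a hash mismatch makes the wrapper exit non-zero and discards the downloaded file.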