aboutsummaryrefslogtreecommitdiff
path: root/package/pkg-download.mk
diff options
context:
space:
mode:
authorGravatar Yann E. MORIN <yann.morin.1998@free.fr>2014-07-03 21:36:21 +0200
committerGravatar Peter Korsgaard <peter@korsgaard.com>2014-07-04 23:35:19 +0200
commit9bd8b59526c4521879f0ae5f765cb1a748725c49 (patch)
tree332ad4f9f4ff7534a708cd724af423f7550ea4b8 /package/pkg-download.mk
parent19afad50f58b15b57ae3da673b9ba750a641350f (diff)
downloadbuildroot-9bd8b59526c4521879f0ae5f765cb1a748725c49.tar.gz
buildroot-9bd8b59526c4521879f0ae5f765cb1a748725c49.tar.bz2
pkg-infra: add possiblity to check downloaded files against known hashes
Some of the packages that Buildroot might build are sensitive packages, related to security: openssl, dropbear, ca-certificates... Some of those packages are downloaded over plain http, because there is no way to get them over a secure channel, such as https. In these dark times of pervasive surveillance, the potential for harm that a tampered-with package could generate, we may want to check the integrity of those sensitive packages. So, each package may now provide a list of hashes for all files that needs to be downloaded, and Buildroot will just fail if any downloaded file does not match its known hash, in which case it is removed. Hashes can be any of the md5, sha1 or sha2 variants, and will be checked even if the file was pre-downloaded. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Baruch Siach <baruch@tkos.co.il> Cc: Arnout Vandecappelle <arnout@mind.be> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Samuel Martin <s.martin49@gmail.com> Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/pkg-download.mk')
-rw-r--r--package/pkg-download.mk20
1 files changed, 17 insertions, 3 deletions
diff --git a/package/pkg-download.mk b/package/pkg-download.mk
index d3cd0c144e..7f208d538b 100644
--- a/package/pkg-download.mk
+++ b/package/pkg-download.mk
@@ -58,6 +58,17 @@ domainseparator=$(if $(1),$(1),/)
# github(user,package,version): returns site of GitHub repository
github = https://github.com/$(1)/$(2)/archive/$(3)
+# Helper for checking a tarball's checksum
+# If the hash does not match, remove the incorrect file
+# $(1): the path to the file with the hashes
+# $(2): the full path to the file to check
+define VERIFY_HASH
+ if ! support/download/check-hash $(1) $(2); then \
+ rm -f $(2); \
+ exit 1; \
+ fi
+endef
+
################################################################################
# The DOWNLOAD_* helpers are in charge of getting a working copy
# of the source repository for their corresponding SCM,
@@ -148,7 +159,8 @@ endef
define DOWNLOAD_SCP
test -e $(DL_DIR)/$(2) || \
$(EXTRA_ENV) support/download/scp '$(call stripurischeme,$(call qstrip,$(1)))' \
- $(DL_DIR)/$(2)
+ $(DL_DIR)/$(2) && \
+ $(call VERIFY_HASH,$(PKGDIR)/$($(PKG)_NAME).hash,$(DL_DIR)/$(2))
endef
define SOURCE_CHECK_SCP
@@ -179,7 +191,8 @@ endef
define DOWNLOAD_WGET
test -e $(DL_DIR)/$(2) || \
- $(EXTRA_ENV) support/download/wget '$(call qstrip,$(1))' $(DL_DIR)/$(2)
+ $(EXTRA_ENV) support/download/wget '$(call qstrip,$(1))' $(DL_DIR)/$(2) && \
+ $(call VERIFY_HASH,$(PKGDIR)/$($(PKG)_NAME).hash,$(DL_DIR)/$(2))
endef
define SOURCE_CHECK_WGET
@@ -193,7 +206,8 @@ endef
define DOWNLOAD_LOCALFILES
test -e $(DL_DIR)/$(2) || \
$(EXTRA_ENV) support/download/cp $(call stripurischeme,$(call qstrip,$(1))) \
- $(DL_DIR)
+ $(DL_DIR) && \
+ $(call VERIFY_HASH,$(PKGDIR)/$($(PKG)_NAME).hash,$(DL_DIR)/$(2))
endef
define SOURCE_CHECK_LOCALFILES