
Commit cd1ce58

committed
8369454: Verify checksums of downloaded source bundles when creating devkit
Reviewed-by: erikj
1 parent 1cdd241 commit cd1ce58


1 file changed

+46
-15
lines changed


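--- a/make/devkit/Tools.gmk
+++ b/make/devkit/Tools.gmk
@@ -104,26 +104,48 @@ endif
 ################################################################################
 # Define external dependencies
 
-GCC_VER_ONLY := 14.2.0
+GNU_BASE_URL := https://ftp.gnu.org/pub/gnu
+
 BINUTILS_VER_ONLY := 2.43
+BINUTILS_BASE_URL := $(GNU_BASE_URL)/binutils
+BINUTILS_SHA512 := 93e063163e54d6a6ee2bd48dc754270bf757a3635b49a702ed6b310e929e94063958512d191e66beaf44275f7ea60865dbde138b624626739679fcc306b133bb
+
 CCACHE_VER_ONLY := 4.10.2
+CCACHE_BASE_URL := https://github.com/ccache/ccache/releases/download
 CCACHE_CMAKE_BASED := 1
-MPFR_VER_ONLY := 4.2.1
+CCACHE_SHA512 := 3815c71d7266c32839acb306763268018acc58b3bbbd9ec79fc101e4217c1720d2ad2f01645bf69168c1c61d27700b6f3bb755cfa82689cca69824f015653f3c
+
+GCC_VER_ONLY := 14.2.0
+GCC_BASE_URL := $(GNU_BASE_URL)/gcc
+GCC_SHA512 := 932bdef0cda94bacedf452ab17f103c0cb511ff2cec55e9112fc0328cbf1d803b42595728ea7b200e0a057c03e85626f937012e49a7515bc5dd256b2bf4bc396
+
+GDB_VER_ONLY := 15.2
+GDB_BASE_URL := $(GNU_BASE_URL)/gdb
+GDB_SHA512 := 624007deceb5b15ba89c0725883d1a699fa46714ef30887f3d0165e17c5d65d634671740a135aa69e437d916218abb08cfa2a38ed309ff19d48f51da56b2a8ba
+
 GMP_VER_ONLY := 6.3.0
+GMP_BASE_URL := $(GNU_BASE_URL)/gmp
+GMP_SHA512 := e85a0dab5195889948a3462189f0e0598d331d3457612e2d3350799dba2e244316d256f8161df5219538eb003e4b5343f989aaa00f96321559063ed8c8f29fd2
+
 MPC_VER_ONLY := 1.3.1
-GDB_VER_ONLY := 15.2
+MPC_BASE_URL := $(GNU_BASE_URL)/mpc
+MPC_SHA512 := 4bab4ef6076f8c5dfdc99d810b51108ced61ea2942ba0c1c932d624360a5473df20d32b300fc76f2ba4aa2a97e1f275c9fd494a1ba9f07c4cb2ad7ceaeb1ae97
+
+MPFR_VER_ONLY := 4.2.1
+MPFR_BASE_URL := https://www.mpfr.org
+MPFR_SHA512 := bc68c0d755d5446403644833ecbb07e37360beca45f474297b5d5c40926df1efc3e2067eecffdf253f946288bcca39ca89b0613f545d46a9e767d1d4cf358475
 
-DEPENDENCIES := GCC BINUTILS CCACHE MPFR GMP MPC GDB
+DEPENDENCIES := BINUTILS CCACHE GCC GDB GMP MPC MPFR
 
 $(foreach dep,$(DEPENDENCIES),$(eval $(dep)_VER := $(call lowercase,$(dep)-$($(dep)_VER_ONLY))))
 
-GCC_URL := https://ftp.gnu.org/pub/gnu/gcc/$(GCC_VER)/$(GCC_VER).tar.xz
-BINUTILS_URL := https://ftp.gnu.org/pub/gnu/binutils/$(BINUTILS_VER).tar.gz
-CCACHE_URL := https://github.com/ccache/ccache/releases/download/v$(CCACHE_VER_ONLY)/$(CCACHE_VER).tar.xz
-MPFR_URL := https://www.mpfr.org/$(MPFR_VER)/$(MPFR_VER).tar.bz2
-GMP_URL := https://ftp.gnu.org/pub/gnu/gmp/$(GMP_VER).tar.bz2
-MPC_URL := https://ftp.gnu.org/pub/gnu/mpc/$(MPC_VER).tar.gz
-GDB_URL := https://ftp.gnu.org/gnu/gdb/$(GDB_VER).tar.xz
+BINUTILS_URL := $(BINUTILS_BASE_URL)/$(BINUTILS_VER).tar.xz
+CCACHE_URL := $(CCACHE_BASE_URL)/v$(CCACHE_VER_ONLY)/$(CCACHE_VER).tar.xz
+GCC_URL := $(GCC_BASE_URL)/$(GCC_VER)/$(GCC_VER).tar.xz
+GDB_URL := $(GDB_BASE_URL)/$(GDB_VER).tar.xz
+GMP_URL := $(GMP_BASE_URL)/$(GMP_VER).tar.xz
+MPC_URL := $(MPC_BASE_URL)/$(MPC_VER).tar.gz
+MPFR_URL := $(MPFR_BASE_URL)/$(MPFR_VER)/$(MPFR_VER).tar.xz
 
 REQUIRED_MIN_MAKE_MAJOR_VERSION := 4
 ifneq ($(REQUIRED_MIN_MAKE_MAJOR_VERSION),)
@@ -198,8 +220,8 @@ download-rpms:
 ################################################################################
 # Unpack source packages
 
-# Generate downloading + unpacking of sources.
-define Download
+# Generate downloading + checksum verification of sources.
+define DownloadVerify
 # Allow override
 $(1)_DIRNAME ?= $(basename $(basename $(notdir $($(1)_URL))))
 $(1)_DIR = $(abspath $(SRCDIR)/$$($(1)_DIRNAME))
@@ -224,11 +246,20 @@ define Download
 touch $$@
 
 $$($(1)_FILE) :
-wget -P $(DOWNLOAD) $$($(1)_URL)
+mkdir -p $$(@D)
+wget -O - $$($(1)_URL) > [email protected]
+sha512_actual="$$$$(sha512sum [email protected] | awk '{ print $$$$1; }')"; \
+if [ x"$$$${sha512_actual}" != x"$$($(1)_SHA512)" ]; then \
+echo "Checksum mismatch for [email protected]"; \
+echo " Expected: $$($(1)_SHA512)"; \
+echo " Actual: $$$${sha512_actual}"; \
+exit 1; \
+fi
+
 endef
 
 # Download and unpack all source packages
-$(foreach dep,$(DEPENDENCIES),$(eval $(call Download,$(dep))))
+$(foreach dep,$(DEPENDENCIES),$(eval $(call DownloadVerify,$(dep))))
 
 ################################################################################
 # Unpack RPMS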
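Review bot: The SHA-512 comparison in `DownloadVerify` (new lines 249-257) runs only inside the recipe for `$$($(1)_FILE)`, a target with no prerequisites, so an archive already present in the download directory (for example one fetched earlier by the removed `wget -P $(DOWNLOAD)` rule) is considered up to date and is never checked. Verifying in the unpack step, or through a per-archive stamp file that the unpack rule depends on, would cover cached archives as well; the middle of the `define`, including the unpack rule, lies outside the visible hunks, so confirm it does not already do this. On a mismatch the recipe exits with the unverified temporary file still on disk, and adding `rm -f <temp-file>; \` before `exit 1; \` would keep rejected bytes out of the download directory. The temporary file name is obscured in this rendering and new line 258 shows as blank, so also confirm that the file is renamed to `$$@` only after the comparison succeeds.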
