首页 发现 帮助
注册 登录
OpenWrt
/
openwrt
镜像自地址 https://github.com/openwrt/openwrt.git
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

download: handle possibly invalid local tarballs

Currently it's assumed, that already downloaded tarballs are always
fine, so no checksum checking is performed and the tarball is used even
if it might be corrupted.

From now on, we're going to always check the downloaded tarballs before
considering them valid.

Steps to reproduce:

 1. Remove cached tarball

   rm dl/libubox-2020-08-06-9e52171d.tar.xz

 2. Download valid tarball again

   make package/libubox/download

 3. Invalidate the tarball

   sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/' package/libs/libubox/Makefile

 4. Now compile with corrupt tarball source

   make package/libubox/{clean,compile}

Signed-off-by: Petr Štetiar <[email protected]>
Petr Štetiar 4 年之前
父节点
9762cf107b
当前提交
4e19cbc553
共有 3 个文件被更改,包括 22 次插入0 次删除
合并视图 显示文件统计
  1. 2 0
      include/host-build.mk
  2. 2 0
      include/package.mk
  3. 18 0
      scripts/download.pl

+ 2 - 0
include/host-build.mk
查看文件 

@@ -186,6 +186,8 @@ ifndef DUMP
 
     clean-build: host-clean-build
 
     clean-build: host-clean-build
 
   endif
 
   endif
 
 
 
+  $(DL_DIR)/$(FILE): FORCE
 
+
 
   $(_host_target)host-prepare: $(HOST_STAMP_PREPARED)
 
   $(_host_target)host-prepare: $(HOST_STAMP_PREPARED)
 
   $(_host_target)host-configure: $(HOST_STAMP_CONFIGURED)
 
   $(_host_target)host-configure: $(HOST_STAMP_CONFIGURED)
 
   $(_host_target)host-compile: $(HOST_STAMP_BUILT) $(HOST_STAMP_INSTALLED)
 
   $(_host_target)host-compile: $(HOST_STAMP_BUILT) $(HOST_STAMP_INSTALLED)

+ 2 - 0
include/package.mk
查看文件 

@@ -189,6 +189,8 @@ define Build/CoreTargets
 
   $(call Build/Autoclean)
 
   $(call Build/Autoclean)
 
   $(call DefaultTargets)
 
   $(call DefaultTargets)
 
 
 
+  $(DL_DIR)/$(FILE): FORCE
 
+
 
   download:
 
   download:
 
 	$(foreach hook,$(Hooks/Download),
 
 	$(foreach hook,$(Hooks/Download),
 
 		$(call $(hook))$(sep)
 
 		$(call $(hook))$(sep)

+ 18 - 0
scripts/download.pl
查看文件 

@@ -262,6 +262,24 @@ foreach my $mirror (@ARGV) {
 
 push @mirrors, 'https://sources.openwrt.org';
 
 push @mirrors, 'https://sources.openwrt.org';
 
 push @mirrors, 'https://mirror2.openwrt.org/sources';
 
 push @mirrors, 'https://mirror2.openwrt.org/sources';
 
 
 
+if (-f "$target/$filename") {
 
+	$hash_cmd and do {
 
+		if (system("cat '$target/$filename' | $hash_cmd > '$target/$filename.hash'")) {
 
+			die "Failed to generate hash for $filename\n";
 
+		}
 
+
 
+		my $sum = `cat "$target/$filename.hash"`;
 
+		$sum =~ /^(\w+)\s*/ or die "Could not generate file hash\n";
 
+		$sum = $1;
 
+
 
+		exit 0 if $sum eq $file_hash;
 
+
 
+		die "Hash of the local file $filename does not match (file: $sum, requested: $file_hash) - deleting download.\n";
 
+		unlink "$target/$filename";
 
+		cleanup();
 
+	};
 
+}
 
+
 
 while (!-f "$target/$filename") {
 
 while (!-f "$target/$filename") {
 
 	my $mirror = shift @mirrors;
 
 	my $mirror = shift @mirrors;
 
 	$mirror or die "No more mirrors to try - giving up.\n";
 
 	$mirror or die "No more mirrors to try - giving up.\n";