From 7a315b0b5d6aa91695853a8647383876e4b49a7a Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Wed, 14 Dec 2016 15:36:39 +0100 Subject: build: implement make check and make package/X/check This is intended to be used for a wide array of package sanity checks. The first check that is implemented is for the hash of downloaded files. It checks: - Missing hash - Use of SHA256 instead of MD5 - dl/ hash not matching hash in makefile - deprecated MD5SUM variable The deprecated MD5SUM variable check is skipped for feeds/ until OpenWrt is updated as well Signed-off-by: Felix Fietkau --- include/download.mk | 69 ++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 60 insertions(+), 9 deletions(-) (limited to 'include/download.mk') diff --git a/include/download.mk b/include/download.mk index 095311bfbd..a9e8a0e2ff 100644 --- a/include/download.mk +++ b/include/download.mk @@ -44,20 +44,66 @@ define dl_tar_pack $(TAR) --numeric-owner --owner=0 --group=0 --sort=name $$$${TAR_TIMESTAMP:+--mtime="$$$$TAR_TIMESTAMP"} -c $(2) | $(call dl_pack,$(1)) endef +ifdef CHECK +check_escape=$(subst ','\'',$(1)) +#') +check_warn = $(info $(shell printf "$(_R)WARNING: %s$(_N)" '$(call check_escape,$(call C_$(1),$(2),$(3),$(4)))')) +gen_sha256sum = $(shell openssl dgst -sha256 $(DL_DIR)/$(1) | awk '{print $$2}') + +C_download_missing = $(1) is missing, please run make download before re-running this check +C_hash_mismatch = $(3) does not match $(1) hash $(call gen_sha256sum,$(1)) +C_hash_deprecated = $(3) uses deprecated hash, set to $(call gen_sha256sum,$(1)) +C_hash_missing = $(3) is missing, set to $(call gen_sha256sum,$(1)) + +check_hash = \ + $(if $(wildcard $(DL_DIR)/$(1)), \ + $(if $(filter-out x,$(2)), \ + $(if $(filter 64,$(shell printf '%s' '$(2)' | wc -c)), \ + $(if $(filter $(2),$(call gen_sha256sum,$(1))),, \ + $(call check_warn,hash_mismatch,$(1),$(2),$(3)) \ + ), \ + $(call check_warn,hash_deprecated,$(1),$(2),$(3)), \ + ), \ + $(call check_warn,hash_missing,$(1),$(2),$(3)) \ + ), \ + $(call check_warn,download_missing,$(1),$(2),$(3)) \ + ) + +C_md5_deprecated = Use of $(2) is deprecated, switch to $(3) + +# Skip MD5SUM check in feeds until OpenWrt is updated +ifneq ($(filter $(foreach dir,package tools toolchain, $(TOPDIR)/$(dir)/%),$(CURDIR)),) +check_md5 = \ + $(if $(filter-out x,$(1)), \ + $(call check_warn,md5_deprecated,$(1),$(2),$(3)) \ + ) +endif + +hash_var = $(if $(filter-out x,$(1)),MD5SUM,HASH) +endif + define DownloadMethod/unknown @echo "ERROR: No download method available"; false endef define DownloadMethod/default - $(SCRIPT_DIR)/download.pl "$(DL_DIR)" "$(FILE)" "$(HASH)" "$(URL_FILE)" $(foreach url,$(URL),"$(url)") + $(SCRIPT_DIR)/download.pl "$(DL_DIR)" "$(FILE)" "$(HASH)" "$(URL_FILE)" $(foreach url,$(URL),"$(url)") \ + $(if $(filter check,$(1)), \ + $(call check_hash,$(FILE),$(HASH),$(2)$(call hash_var,$(MD5SUM))) \ + $(call check_md5,$(MD5SUM),$(2)MD5SUM,$(2)HASH) \ + ) endef define wrap_mirror -$(if $(if $(MIRROR),$(filter-out x,$(MIRROR_HASH))),$(SCRIPT_DIR)/download.pl "$(DL_DIR)" "$(FILE)" "$(MIRROR_HASH)" "" || ( $(1) ),$(1)) +$(if $(if $(MIRROR),$(filter-out x,$(MIRROR_HASH))),$(SCRIPT_DIR)/download.pl "$(DL_DIR)" "$(FILE)" "$(MIRROR_HASH)" "" || ( $(3) ),$(3)) \ +$(if $(filter check,$(1)), \ + $(call check_hash,$(FILE),$(MIRROR_HASH),$(2)MIRROR_$(call hash_var,$(MIRROR_MD5SUM))) \ + $(call check_md5,$(MIRROR_MD5SUM),$(2)MIRROR_MD5SUM,$(2)MIRROR_HASH) \ +) endef define DownloadMethod/cvs - $(call wrap_mirror, \ + $(call wrap_mirror,$(1),$(2), \ echo "Checking out files from the cvs repository..."; \ mkdir -p $(TMP_DIR)/dl && \ cd $(TMP_DIR)/dl && \ @@ -72,7 +118,7 @@ define DownloadMethod/cvs endef define DownloadMethod/svn - $(call wrap_mirror, \ + $(call wrap_mirror,$(1),$(2), \ echo "Checking out files from the svn repository..."; \ mkdir -p $(TMP_DIR)/dl && \ cd $(TMP_DIR)/dl && \ @@ -90,7 +136,7 @@ define DownloadMethod/svn endef define DownloadMethod/git - $(call wrap_mirror, \ + $(call wrap_mirror,$(1),$(2), \ echo "Checking out files from the git repository..."; \ mkdir -p $(TMP_DIR)/dl && \ cd $(TMP_DIR)/dl && \ @@ -109,7 +155,7 @@ define DownloadMethod/git endef define DownloadMethod/bzr - $(call wrap_mirror, \ + $(call wrap_mirror,$(1),$(2), \ echo "Checking out files from the bzr repository..."; \ mkdir -p $(TMP_DIR)/dl && \ cd $(TMP_DIR)/dl && \ @@ -125,7 +171,7 @@ define DownloadMethod/bzr endef define DownloadMethod/hg - $(call wrap_mirror, \ + $(call wrap_mirror,$(1),$(2), \ echo "Checking out files from the hg repository..."; \ mkdir -p $(TMP_DIR)/dl && \ cd $(TMP_DIR)/dl && \ @@ -142,7 +188,7 @@ define DownloadMethod/hg endef define DownloadMethod/darcs - $(call wrap_mirror, \ + $(call wrap_mirror, $(1), $(2), \ echo "Checking out files from the darcs repository..."; \ mkdir -p $(TMP_DIR)/dl && \ cd $(TMP_DIR)/dl && \ @@ -209,6 +255,11 @@ define Download $(DL_DIR)/$(FILE): mkdir -p $(DL_DIR) - $(call locked,$(if $(DownloadMethod/$(call dl_method,$(URL),$(PROTO))),$(DownloadMethod/$(call dl_method,$(URL),$(PROTO))),$(DownloadMethod/unknown)),$(FILE)) + $(call locked, \ + $(if $(DownloadMethod/$(call dl_method,$(URL),$(PROTO))), \ + $(call DownloadMethod/$(call dl_method,$(URL),$(PROTO)),check,$(if $(filter default,$(1)),PKG_,Download/$(1):)), \ + $(DownloadMethod/unknown) \ + ),\ + $(FILE)) endef -- cgit v1.2.3