aboutsummaryrefslogtreecommitdiffstats
path: root/scripts
diff options
context:
space:
mode:
authorPetr Štetiar <ynezz@true.cz>2020-11-19 16:32:46 +0100
committerPetr Štetiar <ynezz@true.cz>2020-12-05 20:50:19 +0100
commit605adb1023efda0c29d160839fccc20801b717cd (patch)
tree755bb66a7a8ecf958a460ac8d585c8d7894a07bd /scripts
parent5abe98947542cd9374912f895f057fe56f7036b8 (diff)
downloadupstream-605adb1023efda0c29d160839fccc20801b717cd.tar.gz
upstream-605adb1023efda0c29d160839fccc20801b717cd.tar.bz2
upstream-605adb1023efda0c29d160839fccc20801b717cd.zip
download: handle possibly invalid local tarballs
Currently it's assumed, that already downloaded tarballs are always fine, so no checksum checking is performed and the tarball is used even if it might be corrupted. From now on, we're going to always check the downloaded tarballs before considering them valid. Steps to reproduce: 1. Remove cached tarball rm dl/libubox-2020-08-06-9e52171d.tar.xz 2. Download valid tarball again make package/libubox/download 3. Invalidate the tarball sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/' package/libs/libubox/Makefile 4. Now compile with corrupt tarball source make package/libubox/{clean,compile} Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 4e19cbc553350b8146985367ba46514cf50e3393)
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/download.pl18
1 files changed, 18 insertions, 0 deletions
diff --git a/scripts/download.pl b/scripts/download.pl
index 5739c20cea..c1623bf91f 100755
--- a/scripts/download.pl
+++ b/scripts/download.pl
@@ -263,6 +263,24 @@ foreach my $mirror (@ARGV) {
push @mirrors, 'https://sources.openwrt.org';
push @mirrors, 'https://mirror2.openwrt.org/sources';
+if (-f "$target/$filename") {
+ $hash_cmd and do {
+ if (system("cat '$target/$filename' | $hash_cmd > '$target/$filename.hash'")) {
+ die "Failed to generate hash for $filename\n";
+ }
+
+ my $sum = `cat "$target/$filename.hash"`;
+ $sum =~ /^(\w+)\s*/ or die "Could not generate file hash\n";
+ $sum = $1;
+
+ exit 0 if $sum eq $file_hash;
+
+ die "Hash of the local file $filename does not match (file: $sum, requested: $file_hash) - deleting download.\n";
+ unlink "$target/$filename";
+ cleanup();
+ };
+}
+
while (!-f "$target/$filename") {
my $mirror = shift @mirrors;
$mirror or die "No more mirrors to try - giving up.\n";