From patchwork Sun May 4 12:01:49 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yann E. MORIN" X-Patchwork-Id: 345471 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from fraxinus.osuosl.org (fraxinus.osuosl.org [140.211.166.137]) by ozlabs.org (Postfix) with ESMTP id 1522F140194 for ; Sun, 4 May 2014 22:02:35 +1000 (EST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 2F87C8BEE2; Sun, 4 May 2014 12:02:22 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fRJfBSt9jwe8; Sun, 4 May 2014 12:02:20 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id CC8E08B9D5; Sun, 4 May 2014 12:02:14 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (fraxinus.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id 0E0821C2226 for ; Sun, 4 May 2014 12:02:11 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id D91228BD90 for ; Sun, 4 May 2014 12:02:10 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FSPN89XvVNx8 for ; Sun, 4 May 2014 12:02:09 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-we0-f172.google.com (mail-we0-f172.google.com [74.125.82.172]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 962A48BD51 for ; Sun, 4 May 2014 12:02:07 +0000 (UTC) Received: by mail-we0-f172.google.com with SMTP id k48so676906wev.31 for ; Sun, 04 May 2014 05:02:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=W+wIH5i51LpsSZrXzuSo3ZoajaC0YNQhJFef4DeCcAU=; b=uyTAOeLGPGVARkVmeHXoX0G+isBoCLgqAcPZuttDAHenSiOcTvMhxVs4AgUlAVDyJF LpURBzhCGGeVp5sJlubtSyeWxQ18+kbnQcL2xGS5+g/XOtra2dZAp7Fj+ur6jWHpECoC AUyqeohj3fMMgjgz1kojOFjGm1KvrLLuaeLhaVRcn/jvAPAzJfWePAOKoGCnFBDXb9lS l2tdxPNH++C2Dqlu2aKJAcpLzkkvectImfcv52Qcp4/xM8/Z/tBb+UOvP4OkV1syCsNd ViE+f7VvfkDxanIw6kJRscgIDzGdOxIko3kGMVVCWj6iRRA1VmfeiO8naOU1Z7clcMcR wLTw== X-Received: by 10.194.202.166 with SMTP id kj6mr1719094wjc.48.1399204926134; Sun, 04 May 2014 05:02:06 -0700 (PDT) Received: from gourin.bzh.lan (ks3095497.kimsufi.com. [94.23.60.27]) by mx.google.com with ESMTPSA id iy13sm10455501wic.1.2014.05.04.05.02.04 for (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 04 May 2014 05:02:05 -0700 (PDT) From: "Yann E. MORIN" To: buildroot@buildroot.org Date: Sun, 4 May 2014 14:01:49 +0200 Message-Id: <41a93600bf2cab0386505764f07e376e4516fe20.1399204808.git.yann.morin.1998@free.fr> X-Mailer: git-send-email 1.8.3.2 In-Reply-To: References: Cc: "Yann E. MORIN" Subject: [Buildroot] [PATCH 10/11] manual: add documentation about packages' hashes X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: buildroot-bounces@busybox.net From: "Yann E. MORIN" Although md5 is, for legacy reasons, a supported hash type, it is not documented on purpose, since it is now known to be weak. Signed-off-by: "Yann E. MORIN" Cc: Baruch Siach Cc: Arnout Vandecappelle Cc: Samuel Martin Cc: Thomas De Schampheleire Reviewed-by: Thomas De Schampheleire --- docs/manual/adding-packages-directory.txt | 67 +++++++++++++++++++++++++++++++ support/download/check-hash | 1 + 2 files changed, 68 insertions(+) diff --git a/docs/manual/adding-packages-directory.txt b/docs/manual/adding-packages-directory.txt index 3cf3afa..0e2cdb3 100644 --- a/docs/manual/adding-packages-directory.txt +++ b/docs/manual/adding-packages-directory.txt @@ -347,3 +347,70 @@ different way, using different infrastructures: Further formatting details: see xref:writing-rules-mk[the writing rules]. + +The +.hash+ file +~~~~~~~~~~~~~~~~ +[[adding-packages-hash]] + +Optionally, you can add a third file, named +libfoo.hash+, that contains +the hashes of the downloaded files for the +libfoo+ package. + +The hashes stored in that file are used to validate the integrity of the +downloaded files. + +The format of this file is one line for each file for which to check the +hash, each line being space-separated, with these three fields: + +* the type of hash, one of: +** +sha1+, +sha224+, +sha256+, +sha384+, +sha512+ +* the hash of the file: +** for +sha1+, 40 hexadecimal characters +** for +sha224+, 56 hexadecimal characters +** for +sha256+, 64 hexadecimal characters +** for +sha384+, 96 hexadecimal characters +** for +sha512+, 128 hexadecimal characters +* the name of the file, without any directory component + +Lines starting with a +#+ sign are considered comments, and ignored. Empty +lines are ignored. + +There can be more than one hash for a single file, each on its own line. In +this case, all hashes must match. + +Ideally, the hashes stored in this file should match the hashes published by +upstream, e.g. on their website, in the e-mail announcement... If upstream +provides more than one type of hash (say, +sha1+ and +sha512+), then it is +best to add all those hashes in the +.hash+ file. If upstream does not +provide any hash, then compute at least one yourself, and mention this in a +comment line above the hashes. + +*Note:* the number of spaces does not matter, so one can use spaces to +properly align the different fields. + +The example below defines a +sha1+ and a +sha256+ published by upstream for +the main +libfoo-1.2.3.tar.bz2+ tarball, plus two locally-computed hashes, +a +sha256+ for a downloaded patch, and a +sha1+ for a downloaded binary blob: + +---- +# Hashes from: http://www.foosoftware.org/download/libfoo-1.2.3.tar.bz2.{sha1,sha256}: +sha1 486fb55c3efa71148fe07895fd713ea3a5ae343a libfoo-1.2.3.tar.bz2 +sha256 efc8103cc3bcb06bda6a781532d12701eb081ad83e8f90004b39ab81b65d4369 libfoo-1.2.3.tar.bz2 + +# No upstream hashes for the following: +sha256 ff52101fb90bbfc3fe9475e425688c660f46216d7e751c4bbdb1dc85cdccacb9 libfoo-fix-blabla.patch +sha1 2d608f3c318c6b7557d551a5a09314f03452f1a1 libfoo-data.bin +---- + +If the +.hash+ file is present, and it contains one or more hashes for a +downloaded file, the hash(es) computed by Buildroot (after download) must +match the hash(es) stored in the +.hash+ file. If one or more hashes do +not match, Buildroot considers this an error, deletes the downloaded file, +and aborts. + +If the +.hash+ file is present, but it does not contain a hash for a +downloaded file, no check is done for that file. If you set the +environment variable +BR2_ENFORCE_CHECK_HASH+ to a non-empty value, and +there is no hash for a downloaded file, Buildroot considers this an +error, deletes the downloaded file, and aborts. + +If the +.hash+ file is missing, then no check is done at all. diff --git a/support/download/check-hash b/support/download/check-hash index d498752..ce50e5a 100755 --- a/support/download/check-hash +++ b/support/download/check-hash @@ -22,6 +22,7 @@ check_one_hash() { _known="${2}" _file="${3}" + # Note: md5 is supported, but undocumented on purpose. # Note: sha3 is not supported, since there is currently no implemetation # (the NIST has yet to publish the parameters). case "${_h}" in