fetch: add SRC_URI checksum

This patch adds per-recipe SRC_URI checksum verification. - SRC_URI format The format of SRC_URI checksum follow OE definition: 1. SRC_URI has single src SRC_URI = "http://some.domain/file.tar.gz" SRC_URI[md5sum] = "xxxxxxxxxxxxxxx" SRC_URI[sha256sum] = "xxxxxxxxxxxxxxxxxxxxxx" 2. SRC_URI has multiple src, every src need specify name SRC_URI = "http://some.domain/file1.tar.gz;name=name1 \ http://some.domain/file2.tar.gz;name=name2 " SRC_URI[name1.md5sum] = "xxxxxxxxxxxxxxx" SRC_URI[name1.sha256sum] = "xxxxxxxxxxxxxxxxxxxxxx" SRC_URI[name2.md5sum] = "xxxxxxxxxxxxxxx" SRC_URI[name2.sha256sum] = "xxxxxxxxxxxxxxxxxxxxxx" - SRC_URI checking invocation: the checksum checking is invoked in do_fetch phase, so it can be invoked manually by if recipes has no SRC_URI checksum item, bitbake will show warning: " WARNING: Missing SRC_URI checksum for xxxx.tar.gz, consider to add SRC_URI[md5sum] = "5c69f16d452b0bb3d44bc3c10556c072" SRC_URI[sha256sum] = "f4e0ada8d4d516bbb8600a3ee7d9046c9c79e38cd781df9ffc46d8f16acd1768" " thus recipe author can add it to recpie file after SRC_URI - control variable BB_STRICT_CHECKSUM when SRC_URI checksum is missing, this variable decide pass or not if BB_STRICT_CHECKSUM = "1", missing checksum is fatal Signed-off-by: Yu Ke <ke.yu@intel.com> Signed-off-by: Richard Purdie <rpurdie@linux.intel.com> Signed-off-by: Chris Larson <chris_larson@mentor.com>
author: Yu Ke <ke.yu@intel.com> 2010-12-17 13:52:52 +0800
committer: Chris Larson <chris_larson@mentor.com> 2010-12-29 23:51:07 -0700
commit: ce6071c64dd98aada6649fa7811fdc6f92b6f654 (patch)
tree: bb0118cc82cf5dfd2486a553939c12287eb600d0 /lib/bb/fetch/__init__.py
parent: 5ec4ca7e45bdf6d259503fc67155395e89ba6329 (diff)
download: bitbake-ce6071c64dd98aada6649fa7811fdc6f92b6f654.tar.gz
1 files changed, 49 insertions, 0 deletions
diff --git a/lib/bb/fetch/__init__.py b/lib/bb/fetch/__init__.py
index aa16fb927..91729f684 100644
--- a/lib/bb/fetch/__init__.py
+++ b/lib/bb/fetch/__init__.py
@@ -223,6 +223,42 @@ def removefile(f):
     except:
         pass
 
+def verify_checksum(u, ud, d):
+    """
+    verify the MD5 and SHA256 checksum for downloaded src
+
+    return value:
+        - True: checksum matched
+        - False: checksum unmatched
+
+    if checksum is missing in recipes file, "BB_STRICT_CHECKSUM" decide the return value.
+    if BB_STRICT_CHECKSUM = "1" then return false as unmatched, otherwise return true as
+    matched
+    """
+
+    if not ud.type in ["http", "https", "ftp", "ftps"]:
+        return
+
+    md5data = bb.utils.md5_file(ud.localpath)
+    sha256data = bb.utils.sha256_file(ud.localpath)
+
+    if (ud.md5_expected == None or ud.sha256_expected == None):
+        logger.warn('Missing SRC_URI checksum for %s, consider adding to the recipe:\n'
+                    'SRC_URI[%s] = "%s"\nSRC_URI[%s] = "%s"',
+                    ud.localpath, ud.md5_name, md5data,
+                    ud.sha256_name, sha256data)
+        if bb.data.getVar("BB_STRICT_CHECKSUM", d, True) == "1":
+            raise FetchError("No checksum specified for %s." % u)
+        return
+
+    if (ud.md5_expected != md5data or ud.sha256_expected != sha256data):
+        logger.error('The checksums for "%s" did not match.\n'
+                     '  MD5: expected "%s", got "%s"\n'
+                     '  SHA256: expected "%s", got "%s"\n',
+                     ud.localpath, ud.md5_expected, md5data,
+                     ud.sha256_expected, sha256data)
+        raise FetchError("%s checksum mismatch." % u)
+
 def go(d, urls = None):
     """
     Fetch all urls
@@ -265,6 +301,7 @@ def go(d, urls = None):
                     raise FetchError("Unable to fetch URL %s from any source." % u)
 
         ud.localpath = localpath
+
         if os.path.exists(ud.md5):
             # Touch the md5 file to show active use of the download
             try:
@@ -273,6 +310,8 @@ def go(d, urls = None):
                 # Errors aren't fatal here
                 pass
         else:
+            # Only check the checksums if we've not seen this item before
+            verify_checksum(u, ud, d)
             Fetch.write_md5sum(u, ud, d)
 
         bb.utils.unlockfile(lf)
@@ -494,6 +533,16 @@ class FetchData(object):
         if not self.pswd and "pswd" in self.parm:
             self.pswd = self.parm["pswd"]
         self.setup = False
+
+        if "name" in self.parm:
+            self.md5_name = "%s.md5sum" % self.parm["name"]
+            self.sha256_name = "%s.sha256sum" % self.parm["name"]
+        else:
+            self.md5_name = "md5sum"
+            self.sha256_name = "sha256sum"
+        self.md5_expected = bb.data.getVarFlag("SRC_URI", self.md5_name, d)
+        self.sha256_expected = bb.data.getVarFlag("SRC_URI", self.sha256_name, d)
+
         for m in methods:
             if m.supports(url, self, d):
                 self.method = m
author	Yu Ke <ke.yu@intel.com>	2010-12-17 13:52:52 +0800
committer	Chris Larson <chris_larson@mentor.com>	2010-12-29 23:51:07 -0700
commit	ce6071c64dd98aada6649fa7811fdc6f92b6f654 (patch)
tree	bb0118cc82cf5dfd2486a553939c12287eb600d0 /lib/bb/fetch/__init__.py
parent	5ec4ca7e45bdf6d259503fc67155395e89ba6329 (diff)
download	bitbake-ce6071c64dd98aada6649fa7811fdc6f92b6f654.tar.gz