diff options
author | Yu Ke <ke.yu@intel.com> | 2010-12-17 13:52:52 +0800 |
---|---|---|
committer | Chris Larson <chris_larson@mentor.com> | 2010-12-29 23:51:07 -0700 |
commit | ce6071c64dd98aada6649fa7811fdc6f92b6f654 (patch) | |
tree | bb0118cc82cf5dfd2486a553939c12287eb600d0 /lib/bb/fetch/__init__.py | |
parent | 5ec4ca7e45bdf6d259503fc67155395e89ba6329 (diff) | |
download | bitbake-ce6071c64dd98aada6649fa7811fdc6f92b6f654.tar.gz |
fetch: add SRC_URI checksum
This patch adds per-recipe SRC_URI checksum verification.
- SRC_URI format
The format of SRC_URI checksum follow OE definition:
1. SRC_URI has single src
SRC_URI = "http://some.domain/file.tar.gz"
SRC_URI[md5sum] = "xxxxxxxxxxxxxxx"
SRC_URI[sha256sum] = "xxxxxxxxxxxxxxxxxxxxxx"
2. SRC_URI has multiple src, every src need specify name
SRC_URI = "http://some.domain/file1.tar.gz;name=name1 \
http://some.domain/file2.tar.gz;name=name2 "
SRC_URI[name1.md5sum] = "xxxxxxxxxxxxxxx"
SRC_URI[name1.sha256sum] = "xxxxxxxxxxxxxxxxxxxxxx"
SRC_URI[name2.md5sum] = "xxxxxxxxxxxxxxx"
SRC_URI[name2.sha256sum] = "xxxxxxxxxxxxxxxxxxxxxx"
- SRC_URI checking invocation:
the checksum checking is invoked in do_fetch phase,
so it can be invoked manually by
if recipes has no SRC_URI checksum item, bitbake will show warning:
"
WARNING: Missing SRC_URI checksum for xxxx.tar.gz, consider to add
SRC_URI[md5sum] = "5c69f16d452b0bb3d44bc3c10556c072"
SRC_URI[sha256sum] = "f4e0ada8d4d516bbb8600a3ee7d9046c9c79e38cd781df9ffc46d8f16acd1768"
"
thus recipe author can add it to recpie file after SRC_URI
- control variable BB_STRICT_CHECKSUM
when SRC_URI checksum is missing, this variable decide pass or not
if BB_STRICT_CHECKSUM = "1", missing checksum is fatal
Signed-off-by: Yu Ke <ke.yu@intel.com>
Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
Signed-off-by: Chris Larson <chris_larson@mentor.com>
Diffstat (limited to 'lib/bb/fetch/__init__.py')
-rw-r--r-- | lib/bb/fetch/__init__.py | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/lib/bb/fetch/__init__.py b/lib/bb/fetch/__init__.py index aa16fb927..91729f684 100644 --- a/lib/bb/fetch/__init__.py +++ b/lib/bb/fetch/__init__.py @@ -223,6 +223,42 @@ def removefile(f): except: pass +def verify_checksum(u, ud, d): + """ + verify the MD5 and SHA256 checksum for downloaded src + + return value: + - True: checksum matched + - False: checksum unmatched + + if checksum is missing in recipes file, "BB_STRICT_CHECKSUM" decide the return value. + if BB_STRICT_CHECKSUM = "1" then return false as unmatched, otherwise return true as + matched + """ + + if not ud.type in ["http", "https", "ftp", "ftps"]: + return + + md5data = bb.utils.md5_file(ud.localpath) + sha256data = bb.utils.sha256_file(ud.localpath) + + if (ud.md5_expected == None or ud.sha256_expected == None): + logger.warn('Missing SRC_URI checksum for %s, consider adding to the recipe:\n' + 'SRC_URI[%s] = "%s"\nSRC_URI[%s] = "%s"', + ud.localpath, ud.md5_name, md5data, + ud.sha256_name, sha256data) + if bb.data.getVar("BB_STRICT_CHECKSUM", d, True) == "1": + raise FetchError("No checksum specified for %s." % u) + return + + if (ud.md5_expected != md5data or ud.sha256_expected != sha256data): + logger.error('The checksums for "%s" did not match.\n' + ' MD5: expected "%s", got "%s"\n' + ' SHA256: expected "%s", got "%s"\n', + ud.localpath, ud.md5_expected, md5data, + ud.sha256_expected, sha256data) + raise FetchError("%s checksum mismatch." % u) + def go(d, urls = None): """ Fetch all urls @@ -265,6 +301,7 @@ def go(d, urls = None): raise FetchError("Unable to fetch URL %s from any source." % u) ud.localpath = localpath + if os.path.exists(ud.md5): # Touch the md5 file to show active use of the download try: @@ -273,6 +310,8 @@ def go(d, urls = None): # Errors aren't fatal here pass else: + # Only check the checksums if we've not seen this item before + verify_checksum(u, ud, d) Fetch.write_md5sum(u, ud, d) bb.utils.unlockfile(lf) @@ -494,6 +533,16 @@ class FetchData(object): if not self.pswd and "pswd" in self.parm: self.pswd = self.parm["pswd"] self.setup = False + + if "name" in self.parm: + self.md5_name = "%s.md5sum" % self.parm["name"] + self.sha256_name = "%s.sha256sum" % self.parm["name"] + else: + self.md5_name = "md5sum" + self.sha256_name = "sha256sum" + self.md5_expected = bb.data.getVarFlag("SRC_URI", self.md5_name, d) + self.sha256_expected = bb.data.getVarFlag("SRC_URI", self.sha256_name, d) + for m in methods: if m.supports(url, self, d): self.method = m |