All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [git commit] configs/rock5b: add hash for custom kernel
@ 2023-12-23 18:44 Yann E. MORIN
  0 siblings, 0 replies; only message in thread
From: Yann E. MORIN @ 2023-12-23 18:44 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=9ebbfeff38770876e48a4d38741dd9fffc001a42
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Commit d344ffe6245b (configs/rock5b: add hash for custom uboot)
explicitly noted that the kernel was retrieved from a git-clone, so the
sha1 of the commit was enough to get what we expect.

However, that does not account for the fact that the upstream repository
can disapear or be temporarily unavailable (maliciously or not). In that
case, the kernel archive will be looked up on the backup mirror.

In that case, the download is via wget over https, which protects the
transport, but does not guarantee that the remote server serves the
expected archive.

The hash file was dropped when d344ffe6245b was applied; restore it.

Since the defconfig now has hashes for all its downloads, enforce
checking hashes.

Signed-off-by: Kilian Zinnecker <kilian.zinnecker@mail.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
 board/radxa/rock5b/patches/linux/linux.hash | 2 ++
 configs/rock5b_defconfig                    | 1 +
 2 files changed, 3 insertions(+)

diff --git a/board/radxa/rock5b/patches/linux/linux.hash b/board/radxa/rock5b/patches/linux/linux.hash
new file mode 100644
index 0000000000..95ad749554
--- /dev/null
+++ b/board/radxa/rock5b/patches/linux/linux.hash
@@ -0,0 +1,2 @@
+# Locally calculated
+sha256  a5eca7b8f929a1918125e2e4fbd7ab4ea5b3910b5ae4547e81c794b47373ffb5  linux-52f51a2b5ba178f331af62260d2da86d7472c14b-br1.tar.gz
diff --git a/configs/rock5b_defconfig b/configs/rock5b_defconfig
index eed656ef5f..2e72b386b1 100644
--- a/configs/rock5b_defconfig
+++ b/configs/rock5b_defconfig
@@ -6,6 +6,7 @@ BR2_ROOTFS_POST_SCRIPT_ARGS=""
 BR2_TARGET_GENERIC_HOSTNAME="rock5b"
 BR2_TARGET_GENERIC_ISSUE="Welcome to the rock5b board"
 BR2_GLOBAL_PATCH_DIR="board/radxa/rock5b/patches"
+BR2_DOWNLOAD_FORCE_CHECK_HASHES=y
 BR2_SYSTEM_DHCP="eth0"
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_GIT=y
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2023-12-23 18:49 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-12-23 18:44 [Buildroot] [git commit] configs/rock5b: add hash for custom kernel Yann E. MORIN

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.