aboutsummaryrefslogtreecommitdiff
path: root/i18n/fr_FR/resources/libreboot/patch/crossgcc/buildgcc_hash_patch.diff
blob: 9750795a8bc7e211744f17c225b49f602da72cce (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
diff --git a/util/crossgcc/buildgcc b/util/crossgcc/buildgcc
index 97c38b8d95..d6b11ed0a6 100755
--- a/util/crossgcc/buildgcc
+++ b/util/crossgcc/buildgcc
@@ -270,18 +270,6 @@ check_cc() {
 	fi
 }
 
-check_sum() {
-	test -z "$CHECKSUM" || \
-	test "$(cat sum/$1.cksum 2>/dev/null | sed -e 's@.*\([0-9a-f]\{40,\}\).*@\1@')" = \
-	"$($CHECKSUM tarballs/$1 2>/dev/null | sed -e 's@.*\([0-9a-f]\{40,\}\).*@\1@')"
-}
-
-compute_sum() {
-	test ! -f sum/$1.cksum && test -f tarballs/$1 && \
-	(test -z "$CHECKSUM" || $CHECKSUM tarballs/$1 > sum/$1.cksum ) && \
-	printf "(checksum created. ${RED}Note. Please upload sum/$1.cksum if the corresponding archive is upgraded.)${NC}"
-}
-
 download_showing_percentage() {
 	url=$1
 	printf " ..${red}  0%%"
@@ -293,12 +281,13 @@ download_showing_percentage() {
 
 download() {
 	package=$1
-	archive="$(eval echo \$$package"_ARCHIVE")"
+	archive="$package"_ARCHIVE
+	archive="${!archive}"
 
 	FILE=$(basename $archive)
 	printf " * $FILE "
 
-	if test -f tarballs/$FILE && check_sum $FILE ; then
+	if test -f tarballs/$FILE; then
 		printf "(cached)"
 	else
 		printf "(downloading from $archive)"
@@ -306,7 +295,6 @@ download() {
 		cd tarballs
 		download_showing_percentage $archive
 		cd ..
-		compute_sum $FILE
 	fi
 
 	if [ ! -f tarballs/$FILE ]; then
@@ -316,9 +304,100 @@ download() {
 	printf "\n"
 }
 
+# Compute the hash of the package given in $1, and print it raw (just the
+# hexadecimal hash).
+compute_hash() {
+	package=$1
+	archive="$package"_ARCHIVE
+	archive="${!archive}"
+	file="$(basename "$archive")"
+
+	if test -z "$CHECKSUM"; then
+		echo "${RED}\$CHECKSUM program missing. This is bad.${NC}" 1>&2
+		exit 1
+	fi
+
+	$CHECKSUM "tarballs/$file" 2>/dev/null | sed -e 's@.*\([0-9a-f]\{40,\}\).*@\1@'
+}
+
+error_hash_missing() {
+	package="$1"
+	archive="$package"_ARCHIVE
+	archive="${!archive}"
+	file="$(basename "$archive")"
+
+	fullhashfile="util/crossgcc/sum/$file.cksum"
+	printf "${RED}hash file missing:${NC}\n\n" 1>&2
+	printf "Please verify util/crossgcc/tarball/$file carefully\n" 1>&2
+	printf "(using PGP if possible), and then rename\n" 1>&2
+	printf "        ${CYAN}${fullhashfile}.calc${NC}\n" 1>&2
+	printf "     to ${CYAN}${fullhashfile}${NC}\n\n" 1>&2
+
+	exit 1
+}
+
+# Read the known hash file of the package given in $1, and print it raw.
+get_known_hash() {
+	package=$1
+	archive="$package"_ARCHIVE
+	archive="${!archive}"
+	file="$(basename "$archive")"
+	hashfile="sum/$file.cksum"
+
+	if [ ! -f "$hashfile" ]; then
+		calc_hash="$(compute_hash "$package")" || exit 1
+		echo "$calc_hash  tarballs/$file" > "${hashfile}.calc"
+
+		error_hash_missing "$package"
+		exit 1
+	fi
+
+	cat "$hashfile" | sed -e 's@.*\([0-9a-f]\{40,\}\).*@\1@'
+}
+
+error_hash_mismatch() {
+	package=$1
+	known_hash="$2"
+	computed_hash="$3"
+	archive="$package"_ARCHIVE
+	archive="${!archive}"
+	file="$(basename "$archive")"
+
+	printf "${RED}hash mismatch:${NC}\n\n"
+	printf "             expected (known) hash: $known_hash\n"
+	printf "calculated hash of downloaded file: $computed_hash\n\n"
+
+	printf "If you think this is due to a network error, please delete\n"
+	printf "  ${CYAN}util/crossgcc/tarballs/$file${NC}\n"
+	printf "and try again. If the problem persists, it may be due to an\n"
+	printf "administration error on the file server, or you might be\n"
+	printf "subject to a Man-in-the-Middle attack\n\n"
+
+	exit 1
+}
+
+# verify_hash - Check that the hash of the file given in $1 matches the known
+# hash; Bail out on mismatch or missing hash file.
+verify_hash() {
+	package=$1
+	archive="$package"_ARCHIVE
+	archive="${!archive}"
+
+	known_hash="$(get_known_hash "$package")" || exit "$?"
+	computed_hash="$(compute_hash "$package")" || exit "$?"
+
+	if [ "$known_hash" != "$computed_hash" ]; then
+		error_hash_mismatch "$package" "$known_hash" "$computed_hash"
+		exit 1
+	fi
+
+	printf "${GREEN}hash verified ("$known_hash")${NC}\n"
+}
+
 unpack_and_patch() {
 	package=$1
-	archive="$(eval echo \$$package"_ARCHIVE")"
+	archive="$package"_ARCHIVE
+	archive="${!archive}"
 	dir="$(eval echo \$$package"_DIR")"
 	test -d ${dir} && test -f ${dir}/.unpack_success || (
 		printf " * $(basename $archive)\n"
@@ -963,10 +1042,11 @@ export PATH=$DESTDIR$TARGETDIR/bin:$PATH
 
 # Download, unpack, patch and build all packages
 
-printf "Downloading tarballs ... \n"
+printf "Downloading and verifying tarballs... \n"
 mkdir -p tarballs
 for P in $PACKAGES; do
-	download $P
+	  download "$P" || exit "$?"
+    verify_hash "$P" || exit "$P"
 done
 printf "Downloaded tarballs ... ${green}ok${NC}\n"