diff --git a/Config.in b/Config.in index 1fcf549e62..339c28f29c 100644 --- a/Config.in +++ b/Config.in @@ -664,12 +664,12 @@ config BR2_PACKAGE_OVERRIDE_FILE documentation for more details on this feature. config BR2_GLOBAL_PATCH_DIR - string "global patch directories" + string "global patch and hash directories" help You may specify a space separated list of one or more - directories containing global package patches. For a specific - version of a specific package , - patches are applied as follows: + directories containing global package patches and/or hashes. + For a specific version of a specific package + , patches are looked up as follows: First, the default Buildroot patch set for the package is applied from the package's directory in Buildroot. @@ -683,6 +683,8 @@ config BR2_GLOBAL_PATCH_DIR exists, then all *.patch files in the directory will be applied. + The hash files are looked up similarly to the patches. + menu "Advanced" config BR2_FORCE_HOST_BUILD diff --git a/docs/manual/adding-packages-directory.txt b/docs/manual/adding-packages-directory.txt index 7150018a3b..5a0f298eb1 100644 --- a/docs/manual/adding-packages-directory.txt +++ b/docs/manual/adding-packages-directory.txt @@ -540,6 +540,12 @@ mercurial) because Buildroot currently does not generate reproducible tarballs when source code is fetched from such version control systems. +Additionally, for packages for which it is possible to specify a custom +version (e.g. a custom version string, a remote tarball URL, or a VCS +repository location and changeset), Buildroot can't carry hashes for +those. It is however possible to xref:customize-hashes[provide a list of +extra hashes] that can cover such cases. + Hashes should only be added in +.hash+ files for files that are guaranteed to be stable. For example, patches auto-generated by Github are not guaranteed to be stable, and therefore their hashes can change diff --git a/docs/manual/customize-patches.txt b/docs/manual/customize-patches.txt index eb98d1bea2..72e87c3c04 100644 --- a/docs/manual/customize-patches.txt +++ b/docs/manual/customize-patches.txt @@ -1,8 +1,10 @@ // -*- mode:doc -*- ; // vim: set syntax=asciidoc: +=== Adding project-specific patches and hashes + [[customize-patches]] -=== Adding project-specific patches +==== Providing extra patches It is sometimes useful to apply 'extra' patches to packages - on top of those provided in Buildroot. This might be used to support custom @@ -57,3 +59,23 @@ are available at a URL. *Note:* +BR2_LINUX_KERNEL_PATCH+ specifies kernel patches that are applied after patches available in +BR2_GLOBAL_PATCH_DIR+, as it is done from a post-patch hook of the Linux package. + +[[customize-hashes]] +==== Providing extra hashes + +Buildroot bundles a xref:adding-packages-hash[list of hashes] against +which it checks the integrity of the downloaded archives, or of those +it generates locally from VCS checkouts. However, it can only do so +for the known versions; for packages where it is possible to specify +a custom version (e.g. a custom version string, a remote tarball URL, +or a VCS repository location and changeset), Buildroot can't carry +hashes for those. + +For users concerned with the integrity of such downloads, it is possible +to provide a list of hashes that Buildroot can use to check arbitrary +downloaded files. Those extra hashes are looked up similarly to the +extra patches (above); for each directory in +BR2_GLOBAL_PATCH_DIR+, +the first file to exist is used to check a package download: + +* +///.hash+ +* +//.hash+ diff --git a/package/pkg-download.mk b/package/pkg-download.mk index 0718f21aad..44cc178dea 100644 --- a/package/pkg-download.mk +++ b/package/pkg-download.mk @@ -115,7 +115,7 @@ define DOWNLOAD -d '$($(2)_DL_DIR)' \ -D '$(DL_DIR)' \ -f '$(notdir $(1))' \ - -H '$($(2)_HASH_FILE)' \ + $(foreach f,$($(2)_HASH_FILES),-H '$(f)') \ -n '$($(2)_BASENAME_RAW)' \ -N '$($(2)_RAWNAME)' \ -o '$($(2)_DL_DIR)/$(notdir $(1))' \ diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk index ad2741a22e..a976a526a1 100644 --- a/package/pkg-generic.mk +++ b/package/pkg-generic.mk @@ -509,11 +509,15 @@ else endif $(2)_VERSION := $$(call sanitize,$$($(2)_DL_VERSION)) -$(2)_HASH_FILE = \ +$(2)_HASH_FILES = \ $$(strip \ - $$(if $$(wildcard $$($(2)_PKGDIR)/$$($(2)_VERSION)/$$($(2)_RAWNAME).hash),\ - $$($(2)_PKGDIR)/$$($(2)_VERSION)/$$($(2)_RAWNAME).hash,\ - $$($(2)_PKGDIR)/$$($(2)_RAWNAME).hash)) + $$(foreach d, $$($(2)_PKGDIR) $$(addsuffix /$$($(2)_RAWNAME), $$(call qstrip,$$(BR2_GLOBAL_PATCH_DIR))),\ + $$(if $$(wildcard $$(d)/$$($(2)_VERSION)/$$($(2)_RAWNAME).hash),\ + $$(d)/$$($(2)_VERSION)/$$($(2)_RAWNAME).hash,\ + $$(d)/$$($(2)_RAWNAME).hash\ + )\ + )\ + ) ifdef $(3)_OVERRIDE_SRCDIR $(2)_OVERRIDE_SRCDIR ?= $$($(3)_OVERRIDE_SRCDIR) @@ -1132,7 +1136,7 @@ ifneq ($$(call qstrip,$$($(2)_SOURCE)),) ifeq ($$(call qstrip,$$($(2)_LICENSE_FILES)),) $(Q)$$(call legal-warning-pkg,$$($(2)_BASENAME_RAW),cannot save license ($(2)_LICENSE_FILES not defined)) else - $(Q)$$(foreach F,$$($(2)_LICENSE_FILES),$$(call legal-license-file,$$(call UPPERCASE,$(4)),$$($(2)_RAWNAME),$$($(2)_BASENAME_RAW),$$(F),$$($(2)_DIR)/$$(F),$$($(2)_HASH_FILE))$$(sep)) + $(Q)$$(foreach F,$$($(2)_LICENSE_FILES),$$(call legal-license-file,$$(call UPPERCASE,$(4)),$$($(2)_RAWNAME),$$($(2)_BASENAME_RAW),$$(F),$$($(2)_DIR)/$$(F),$$($(2)_HASH_FILES))$$(sep)) endif # license files ifeq ($$($(2)_REDISTRIBUTE),YES) diff --git a/package/pkg-utils.mk b/package/pkg-utils.mk index b91061a572..059e86ae0a 100644 --- a/package/pkg-utils.mk +++ b/package/pkg-utils.mk @@ -280,7 +280,7 @@ define legal-manifest # {HOST|TARGET}, pkg, version, license, license-files, sou echo '"$(2)","$(3)","$(4)","$(5)","$(6)","$(7)","$(8)"' >>$(LEGAL_MANIFEST_CSV_$(1)) endef -define legal-license-file # {HOST|TARGET}, pkgname, pkgname-pkgver, filename, file-fullpath, pkg-hashfile +define legal-license-file # {HOST|TARGET}, pkgname, pkgname-pkgver, filename, file-fullpath, pkg-hashfiles mkdir -p $(LICENSE_FILES_DIR_$(1))/$(3)/$(dir $(4)) && \ { \ support/download/check-hash $(5) $(4) $(6); \