[openwrt/openwrt] download: handle possibly invalid local tarballs

Fri Nov 27 08:46:30 EST 2020

ynezz pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/4e19cbc553350b8146985367ba46514cf50e3393

commit 4e19cbc553350b8146985367ba46514cf50e3393
Author: Petr Štetiar <ynezz at true.cz>
AuthorDate: Thu Nov 19 16:32:46 2020 +0100

    download: handle possibly invalid local tarballs
    
    Currently it's assumed, that already downloaded tarballs are always
    fine, so no checksum checking is performed and the tarball is used even
    if it might be corrupted.
    
    From now on, we're going to always check the downloaded tarballs before
    considering them valid.
    
    Steps to reproduce:
    
     1. Remove cached tarball
    
       rm dl/libubox-2020-08-06-9e52171d.tar.xz
    
     2. Download valid tarball again
    
       make package/libubox/download
    
     3. Invalidate the tarball
    
       sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/' package/libs/libubox/Makefile
    
     4. Now compile with corrupt tarball source
    
       make package/libubox/{clean,compile}
    
    Signed-off-by: Petr Štetiar <ynezz at true.cz>
---
 include/host-build.mk |  2 ++
 include/package.mk    |  2 ++
 scripts/download.pl   | 18 ++++++++++++++++++
 3 files changed, 22 insertions(+)

diff --git a/include/host-build.mk b/include/host-build.mk
index 7d84ab0f5f..4ac1405181 100644
--- a/include/host-build.mk
+++ b/include/host-build.mk
@@ -186,6 +186,8 @@ ifndef DUMP
     clean-build: host-clean-build
   endif
 
+  $(DL_DIR)/$(FILE): FORCE
+
   $(_host_target)host-prepare: $(HOST_STAMP_PREPARED)
   $(_host_target)host-configure: $(HOST_STAMP_CONFIGURED)
   $(_host_target)host-compile: $(HOST_STAMP_BUILT) $(HOST_STAMP_INSTALLED)
diff --git a/include/package.mk b/include/package.mk
index 50bd838180..5eb4460db8 100644
--- a/include/package.mk
+++ b/include/package.mk
@@ -189,6 +189,8 @@ define Build/CoreTargets
   $(call Build/Autoclean)
   $(call DefaultTargets)
 
+  $(DL_DIR)/$(FILE): FORCE
+
   download:
 	$(foreach hook,$(Hooks/Download),
 		$(call $(hook))$(sep)
diff --git a/scripts/download.pl b/scripts/download.pl
index 351b06a08b..2d87f47f84 100755
--- a/scripts/download.pl
+++ b/scripts/download.pl
@@ -262,6 +262,24 @@ foreach my $mirror (@ARGV) {
 push @mirrors, 'https://sources.openwrt.org';
 push @mirrors, 'https://mirror2.openwrt.org/sources';
 
+if (-f "$target/$filename") {
+	$hash_cmd and do {
+		if (system("cat '$target/$filename' | $hash_cmd > '$target/$filename.hash'")) {
+			die "Failed to generate hash for $filename\n";
+		}
+
+		my $sum = `cat "$target/$filename.hash"`;
+		$sum =~ /^(\w+)\s*/ or die "Could not generate file hash\n";
+		$sum = $1;
+
+		exit 0 if $sum eq $file_hash;
+
+		die "Hash of the local file $filename does not match (file: $sum, requested: $file_hash) - deleting download.\n";
+		unlink "$target/$filename";
+		cleanup();
+	};
+}
+
 while (!-f "$target/$filename") {
 	my $mirror = shift @mirrors;
 	$mirror or die "No more mirrors to try - giving up.\n";

