[LEDE-DEV] [PATCH] scripts/download.pl: fail loudly if provided hash is unsupported

Baptiste Jonglez baptiste at bitsofnetworks.org
Sun Sep 24 13:57:05 PDT 2017


Hi,

On 24-09-17, Stijn Tintel wrote:
> On 03-09-17 15:01, Baptiste Jonglez wrote:
> > Note: if some users of scripts/download.pl knowingly provide an empty hash
> > because they don't need checksum verification, this change will break
> > them.  This does not seem to be the case currently, but if this feature is
> > ever needed, an option should be added to download.pl instead of relying
> > on the hash being empty.
>
> Unfortunately this change breaks the make/foo/download feature,

Can you elaborate on this?  It seems to work fine here:

    $ make package/dnsmasq/download V=s
    make[1]: Entering directory '/lede/tmp/lede-project'
    make[2]: Entering directory '/lede/tmp/lede-project/package/network/services/dnsmasq'
    mkdir -p /lede/tmp/lede-project/dl
    SHELL= flock /lede/tmp/lede-project/tmp/.dnsmasq-2.77.tar.xz.flock -c '	/lede/tmp/lede-project/scripts/download.pl "/lede/tmp/lede-project/dl" "dnsmasq-2.77.tar.xz" "6eac3b1c50ae25170e3ff8c96ddb55236cf45007633fdb8a35b1f3e02f5f8b8a" "" "http://thekelleys.org.uk/dnsmasq/"    '
    + curl -f --connect-timeout 20 --retry 5 --location --insecure http://thekelleys.org.uk/dnsmasq/dnsmasq-2.77.tar.xz
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100  475k  100  475k    0     0   237k      0  0:00:02  0:00:02 --:--:--  232k
    make[2]: Leaving directory '/lede/tmp/lede-project/package/network/services/dnsmasq'
    make[1]: Leaving directory '/lede/tmp/lede-project'

> and because of this also the script we use to update kernel versions and
> refresh patches for all targets. This has been discussed in #lede-dev a
> few times, but we never agreed on a solution. Today, this is biting me
> once again, and therefore I suggest to revert this change until we can
> agree on a solution that is both secure and doesn't break something some
> of use rather frequently.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/lede-dev/attachments/20170924/ee05673c/attachment.sig>


More information about the Lede-dev mailing list