FetchData: add SRC_URI checksum

This patch add the per-recipe SRC_URI checksum verification. - SRC_URI format The format of SRC_URI checksum follow OE definition: 1. SRC_URI has single src SRC_URI = "http://some.domain/file.tar.gz" SRC_URI[md5sum] = "xxxxxxxxxxxxxxx" SRC_URI[sha256sum] = "xxxxxxxxxxxxxxxxxxxxxx" 2. SRC_URI has multiple src, every src need specify name SRC_URI = "http://some.domain/file1.tar.gz;name=name1 \ http://some.domain/file2.tar.gz;name=name2 " SRC_URI[name1.md5sum] = "xxxxxxxxxxxxxxx" SRC_URI[name1.sha256sum] = "xxxxxxxxxxxxxxxxxxxxxx" SRC_URI[name2.md5sum] = "xxxxxxxxxxxxxxx" SRC_URI[name2.sha256sum] = "xxxxxxxxxxxxxxxxxxxxxx" - SRC_URI checking invocation: the checksum checking is invoked in do_fetch phase, so it can be invoked manually by # bitbake -f -c fetch <recipe_name> if recipes has no SRC_URI checksum item, bitbake will show warning: " WARNING: Missing SRC_URI checksum for xxxx.tar.gz, consider to add SRC_URI[md5sum] = "5c69f16d452b0bb3d44bc3c10556c072" SRC_URI[sha256sum] = "f4e0ada8d4d516bbb8600a3ee7d9046c9c79e38cd781df9ffc46d8f16acd1768" " thus recipe author can add it to recpie file after SRC_URI - control variable BB_STRICT_CHECKSUM when SRC_URI checksum is missing, this variable decide pass or not if BB_STRICT_CHECKSUM = "1", bitbake should fatal in this case, otherwise bitbake just pass Signed-off-by: Yu Ke <ke.yu@intel.com>
author: Yu Ke <ke.yu@intel.com> 2010-12-17 13:52:52 +0800
committer: Richard Purdie <rpurdie@linux.intel.com> 2010-12-20 15:24:52 +0000
commit: b8d69d6f6e41896046a07f6ffb5d156ed23c6556 (patch)
tree: 12cefc02898c27a28526516d4e3e2f29f855aa8f /bitbake/lib/bb/fetch
parent: 670c18c3ef8f1199b776d5826806e31a827007df (diff)
download: poky-b8d69d6f6e41896046a07f6ffb5d156ed23c6556.tar.gz
1 files changed, 49 insertions, 0 deletions
diff --git a/bitbake/lib/bb/fetch/__init__.py b/bitbake/lib/bb/fetch/__init__.py
index 50955f16f1..387de669e1 100644
--- a/bitbake/lib/bb/fetch/__init__.py
+++ b/bitbake/lib/bb/fetch/__init__.py
@@ -231,6 +231,42 @@ def removefile(f):
    except:
        pass
+def verify_checksum(d, ud):
+    """
+    verify the MD5 and SHA256 checksum for downloaded src
+    return value:
+        - True: checksum matched
+        - False: checksum unmatched
+    if checksum is missing in recipes file, "BB_STRICT_CHECKSUM" decide the return value.
+    if BB_STRICT_CHECKSUM = "1" then return false as unmatched, otherwise return true as
+    matched
+    """
+    if not ud.type in ["http", "https", "ftp", "ftps"]:
+        return True
+    md5data = bb.utils.md5_file(ud.localpath)
+    sha256data = bb.utils.sha256_file(ud.localpath)
+    if (ud.md5_expected == None or ud.sha256_expected == None):
+        bb.warn("Missing SRC_URI checksum for %s, consider to add\n" \
+                "SRC_URI[%s] = \"%s\"\nSRC_URI[%s] = \"%s\"" \
+                % (ud.localpath, ud.md5_name, md5data, ud.sha256_name, sha256data))
+        if bb.data.getVar("BB_STRICT_CHECKSUM", d, True) == "1":
+            return False
+        else:
+            return True
+    if (ud.md5_expected != md5data or ud.sha256_expected != sha256data):
+        bb.error("The checksums for '%s' did not match." % ud.localpath)
+        bb.error("Expected MD5: '%s' and Got: '%s'" % (ud.md5_expected, md5data))
+        bb.error("Expected SHA256: '%s' and Got: '%s'" % (ud.sha256_expected, sha256data))
+        return False
+    return True
 def go(d, urls = None):
    """
    Fetch all urls
@@ -283,6 +319,9 @@ def go(d, urls = None):
        else:
            Fetch.write_md5sum(u, ud, d)
+        if not verify_checksum(d, ud):
+            raise FetchError("%s checksum mismatch." % u)
        bb.utils.unlockfile(lf)
 def checkstatus(d, urls = None):
@@ -502,6 +541,16 @@ class FetchData(object):
        if not self.pswd and "pswd" in self.parm:
            self.pswd = self.parm["pswd"]
        self.setup = False
+        if "name" in self.parm:
+            self.md5_name = "%s.md5sum" % self.parm["name"]
+            self.sha256_name = "%s.sha256sum" % self.parm["name"]
+        else:
+            self.md5_name = "md5sum"
+            self.sha256_name = "sha256sum"
+        self.md5_expected = bb.data.getVarFlag("SRC_URI", self.md5_name, d)
+        self.sha256_expected = bb.data.getVarFlag("SRC_URI", self.sha256_name, d)
        for m in methods:
            if m.supports(url, self, d):
                self.method = m
author	Yu Ke <ke.yu@intel.com>	2010-12-17 13:52:52 +0800
committer	Richard Purdie <rpurdie@linux.intel.com>	2010-12-20 15:24:52 +0000
commit	b8d69d6f6e41896046a07f6ffb5d156ed23c6556 (patch)
tree	12cefc02898c27a28526516d4e3e2f29f855aa8f /bitbake/lib/bb/fetch
parent	670c18c3ef8f1199b776d5826806e31a827007df (diff)
download	poky-b8d69d6f6e41896046a07f6ffb5d156ed23c6556.tar.gz

diff --git a/bitbake/lib/bb/fetch/__init__.py b/bitbake/lib/bb/fetch/__init__.py index 50955f16f1..387de669e1 100644 --- a/bitbake/lib/bb/fetch/__init__.py +++ b/bitbake/lib/bb/fetch/__init__.py
@@ -231,6 +231,42 @@ def removefile(f):
231	except:	231	except:
232	pass	232	pass
233		233
		234	def verify_checksum(d, ud):
		235	"""
		236	verify the MD5 and SHA256 checksum for downloaded src
		237
		238	return value:
		239	- True: checksum matched
		240	- False: checksum unmatched
		241
		242	if checksum is missing in recipes file, "BB_STRICT_CHECKSUM" decide the return value.
		243	if BB_STRICT_CHECKSUM = "1" then return false as unmatched, otherwise return true as
		244	matched
		245	"""
		246
		247	if not ud.type in ["http", "https", "ftp", "ftps"]:
		248	return True
		249
		250	md5data = bb.utils.md5_file(ud.localpath)
		251	sha256data = bb.utils.sha256_file(ud.localpath)
		252
		253	if (ud.md5_expected == None or ud.sha256_expected == None):
		254	bb.warn("Missing SRC_URI checksum for %s, consider to add\n" \
		255	"SRC_URI[%s] = \"%s\"\nSRC_URI[%s] = \"%s\"" \
		256	% (ud.localpath, ud.md5_name, md5data, ud.sha256_name, sha256data))
		257	if bb.data.getVar("BB_STRICT_CHECKSUM", d, True) == "1":
		258	return False
		259	else:
		260	return True
		261
		262	if (ud.md5_expected != md5data or ud.sha256_expected != sha256data):
		263	bb.error("The checksums for '%s' did not match." % ud.localpath)
		264	bb.error("Expected MD5: '%s' and Got: '%s'" % (ud.md5_expected, md5data))
		265	bb.error("Expected SHA256: '%s' and Got: '%s'" % (ud.sha256_expected, sha256data))
		266	return False
		267
		268	return True
		269
234	def go(d, urls = None):	270	def go(d, urls = None):
235	"""	271	"""
236	Fetch all urls	272	Fetch all urls
@@ -283,6 +319,9 @@ def go(d, urls = None):
283	else:	319	else:
284	Fetch.write_md5sum(u, ud, d)	320	Fetch.write_md5sum(u, ud, d)
285		321
		322	if not verify_checksum(d, ud):
		323	raise FetchError("%s checksum mismatch." % u)
		324
286	bb.utils.unlockfile(lf)	325	bb.utils.unlockfile(lf)
287		326
288	def checkstatus(d, urls = None):	327	def checkstatus(d, urls = None):
@@ -502,6 +541,16 @@ class FetchData(object):
502	if not self.pswd and "pswd" in self.parm:	541	if not self.pswd and "pswd" in self.parm:
503	self.pswd = self.parm["pswd"]	542	self.pswd = self.parm["pswd"]
504	self.setup = False	543	self.setup = False
		544
		545	if "name" in self.parm:
		546	self.md5_name = "%s.md5sum" % self.parm["name"]
		547	self.sha256_name = "%s.sha256sum" % self.parm["name"]
		548	else:
		549	self.md5_name = "md5sum"
		550	self.sha256_name = "sha256sum"
		551	self.md5_expected = bb.data.getVarFlag("SRC_URI", self.md5_name, d)
		552	self.sha256_expected = bb.data.getVarFlag("SRC_URI", self.sha256_name, d)
		553
505	for m in methods:	554	for m in methods:
506	if m.supports(url, self, d):	555	if m.supports(url, self, d):
507	self.method = m	556	self.method = m