Browse Source

carl9170: Add and check SHA-256 sums for the toolchain tarballs

The sums for binutils and gcc are based on an HTTPS download (instead
of the default HTTP).

newlib doesn't seem to be available with any kind of signature, so I
compared a tarball and CVS checkout; let's hope they weren't both
compromised.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
main
Ben Hutchings 12 years ago
parent
commit
9f43b7a6b0
  1. 11
      carl9170fw/toolchain/Makefile
  2. 3
      carl9170fw/toolchain/SHA256SUMS

11
carl9170fw/toolchain/Makefile

@ -12,16 +12,27 @@ GCC_TAR=gcc-$(GCC_VER).tar.bz2 @@ -12,16 +12,27 @@ GCC_TAR=gcc-$(GCC_VER).tar.bz2

BASEDIR=$(shell pwd)

define checksum
@if grep -q ' $(subst .,\.,$(1))$$' SHA256SUMS; then \
grep ' $(subst .,\.,$(1))$$' SHA256SUMS | sha256sum -c; \
else \
echo "WARNING: no checksum defined for $(1)"; \
fi
endef

all: gcc

src/$(BINUTILS_TAR):
wget -P src $(BINUTILS_URL)
$(call checksum,$@)

src/$(NEWLIB_TAR):
wget -P src $(NEWLIB_URL)
$(call checksum,$@)

src/$(GCC_TAR):
wget -P src $(GCC_URL)
$(call checksum,$@)

src/binutils-$(BINUTILS_VER): src/$(BINUTILS_TAR)
tar -C src -xjf $<

3
carl9170fw/toolchain/SHA256SUMS

@ -0,0 +1,3 @@ @@ -0,0 +1,3 @@
6c7af8ed1c8cf9b4b9d6e6fe09a3e1d3d479fe63984ba8b9b26bf356b6313ca9 src/binutils-2.22.tar.bz2
16093f6fa01732adf378d97fe338f113c933bdf56da22bf87c76beff13da406f src/gcc-4.7.1.tar.bz2
c644b2847244278c57bec2ddda69d8fab5a7c767f3b9af69aa7aa3da823ff692 src/newlib-1.20.0.tar.gz
Loading…
Cancel
Save