build system: verify package downloads using sha256 checksum

MilhouseVH 2017-05-05 11:36:22 +01:00
parent 903cd8bb4a
commit 48aea71469
2 changed files with 61 additions and 36 deletions


@ -80,6 +80,7 @@ SED="sed -i"
PKG_IS_ADDON="no" PKG_IS_ADDON="no"
PKG_PATCH_DIRS="" PKG_PATCH_DIRS=""
PKG_NEED_UNPACK="" PKG_NEED_UNPACK=""
PKG_SHA256=""
if [ -n "$1" ]; then if [ -n "$1" ]; then
_PKG_ROOT_NAME=${1%:*} _PKG_ROOT_NAME=${1%:*}


@ -1,25 +1,34 @@
#!/bin/bash #!/bin/bash
################################################################################ ################################################################################
# This file is part of OpenELEC - http://www.openelec.tv # This file is part of LibreELEC - https://libreelec.tv
# Copyright (C) 2009-2016 Stephan Raue (stephan@openelec.tv) # Copyright (C) 2017-present Team LibreELEC
# #
# OpenELEC is free software: you can redistribute it and/or modify # LibreELEC is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or # the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version. # (at your option) any later version.
# #
# OpenELEC is distributed in the hope that it will be useful, # LibreELEC is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of # but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details. # GNU General Public License for more details.
# #
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with OpenELEC. If not, see <http://www.gnu.org/licenses/>. # along with LibreELEC. If not, see <http://www.gnu.org/licenses/>.
################################################################################ ################################################################################
. config/options $1 . config/options $1
_get_file_already_downloaded() {
if [ -f $PACKAGE ]; then
if [ "$(cat $STAMP_URL 2>/dev/null)" == "${PKG_URL}" ]; then
[ -z "${PKG_SHA256}" -o "$(cat $STAMP_SHA 2>/dev/null)" == "${PKG_SHA256}" ] && return 0
fi
fi
return 1
}
if [ -z "$1" ]; then if [ -z "$1" ]; then
for i in `find packages/ -type f -name package.mk`; do for i in `find packages/ -type f -name package.mk`; do
GET_PKG=`grep ^PKG_NAME= $i | sed -e "s,\",,g" -e "s,PKG_NAME=,,"` GET_PKG=`grep ^PKG_NAME= $i | sed -e "s,\",,g" -e "s,PKG_NAME=,,"`
@ -27,47 +36,62 @@ if [ -z "$1" ]; then
done done
fi fi
if [ -n "$PKG_URL" -a -n "$PKG_SOURCE_NAME" ]; then [ -z "$PKG_URL" -o -z "$PKG_SOURCE_NAME" ] && exit 0
mkdir -p $SOURCES/$1 mkdir -p $SOURCES/$1
PACKAGE="$SOURCES/$1/$PKG_SOURCE_NAME" PACKAGE="$SOURCES/$1/$PKG_SOURCE_NAME"
PACKAGE_MIRROR="$DISTRO_MIRROR/$PKG_NAME/$PKG_SOURCE_NAME" PACKAGE_MIRROR="$DISTRO_MIRROR/$PKG_NAME/$PKG_SOURCE_NAME"
[ "$VERBOSE" != "yes" ] && WGET_OPT=-q [ "$VERBOSE" != "yes" ] && WGET_OPT=-q
WGET_CMD="wget --timeout=30 --tries=3 --passive-ftp --no-check-certificate -c $WGET_OPT -O $SOURCES/$1/$PKG_SOURCE_NAME" WGET_CMD="wget --timeout=30 --tries=3 --passive-ftp --no-check-certificate -c $WGET_OPT -O $PACKAGE"
STAMP="$PACKAGE.url" STAMP_URL="$PACKAGE.url"
STAMP_SHA="$PACKAGE.sha256"
# Nothing to be downloaded, exit now... # Latest file already present, exit now...
[ -f $SOURCES/$1/$PKG_SOURCE_NAME -a "$(cat $STAMP 2>/dev/null)" == "$PKG_URL" ] && exit 0 _get_file_already_downloaded $1 && exit 0
# Avoid concurrent downloads of the same package # Avoid concurrent downloads of the same package
_isblocked=N _isblocked=N
exec 99<$SOURCES/$1 exec 99<$SOURCES/$1
while ! flock --nonblock --exclusive 99; do while ! flock --nonblock --exclusive 99; do
[ ${_isblocked} == N ] && { echo "Project ${PROJECT} waiting to avoid concurrent download of ${1}..."; _isblocked=Y; } [ ${_isblocked} == N ] && { echo "Project/Device ${DEVICE:-${PROJECT}} waiting, to avoid concurrent download of ${1}..."; _isblocked=Y; }
sleep 1 sleep 1
done done
if ! [ -f $SOURCES/$1/$PKG_SOURCE_NAME -a "$(cat $STAMP 2>/dev/null)" == "$PKG_URL" ]; then # Check again in case of concurrent access - if nothing needs to be downloaded, exit now...
rm -f $SOURCES/$1/$PKG_SOURCE_NAME $STAMP _get_file_already_downloaded $1 && exit 0
# At this point, we need to download something...
printf "%${BUILD_INDENT}c ${boldcyan}GET${endcolor} $1\n" ' '>&$SILENT_OUT printf "%${BUILD_INDENT}c ${boldcyan}GET${endcolor} $1\n" ' '>&$SILENT_OUT
export BUILD_INDENT=$((${BUILD_INDENT:-1}+$BUILD_INDENT_SIZE)) export BUILD_INDENT=$((${BUILD_INDENT:-1}+$BUILD_INDENT_SIZE))
# unset LD_LIBRARY_PATH to stop wget from using toolchain/lib and loading libssl.so/libcrypto.so instead of host libraries # unset LD_LIBRARY_PATH to stop wget from using toolchain/lib and loading libssl.so/libcrypto.so instead of host libraries
unset LD_LIBRARY_PATH unset LD_LIBRARY_PATH
NBWGET=1 rm -f $STAMP_URL $STAMP_SHA
until $WGET_CMD "$PKG_URL" || $WGET_CMD "$PACKAGE_MIRROR"; do
NBWGET=$((NBWGET + 1)) NBWGET=10
if [ $NBWGET -gt 10 ]; then while [ $NBWGET -gt 0 ]; do
echo -e "\nCant't get $1 sources : $PKG_URL\n Try later !!" rm -f $PACKAGE
exit 1
if $WGET_CMD "$PKG_URL" || $WGET_CMD "$PACKAGE_MIRROR"; then
CALC_SHA256="$(sha256sum $PACKAGE | cut -d" " -f1)"
[ -z "${PKG_SHA256}" -o "${PKG_SHA256}" == "${CALC_SHA256}" ] && break
printf "${boldred}WARNING${endcolor} Incorrect checksum calculated on downloaded file: got ${CALC_SHA256}, wanted ${PKG_SHA256}\n\n"
fi fi
NBWGET=$((NBWGET - 1))
done done
echo "$PKG_URL" > $STAMP if [ $NBWGET -eq 0 ]; then
fi echo -e "\nCant't get $1 sources : $PKG_URL\n Try later !!"
exit 1
else
printf "${boldgreen}INFO${endcolor} Calculated checksum is: ${CALC_SHA256}\n\n"
echo "${PKG_URL}" > $STAMP_URL
echo "${CALC_SHA256}" > $STAMP_SHA
fi fi
exit 0 exit 0
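Review bot: The checksum test in the new retry loop fails open: `[ -z "${PKG_SHA256}" -o "${PKG_SHA256}" == "${CALC_SHA256}" ] && break` accepts any download when a package defines no PKG_SHA256, and WGET_CMD still passes `--no-check-certificate`, so such packages are fetched with neither transport nor content verification. Until every package carries a checksum, make the unverified case visible, for example `[ -z "${PKG_SHA256}" ] && printf "${boldred}WARNING${endcolor} No PKG_SHA256 set for $1, download not verified\n"`. On the exhaustion path, when the last attempt ends in a mismatch the rejected file is still at `$PACKAGE` when the script exits 1; adding `rm -f $PACKAGE` before `exit 1` keeps an unverified archive out of the sources directory. A mismatch also re-downloads from PKG_URL on every retry, because the mirror is only reached when wget itself returns an error, so a changed or tampered upstream file never falls back to `$PACKAGE_MIRROR`.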