From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Francois Perrad <francois.perrad@gadz.org>
Cc: buildroot@busybox.net
Subject: Re: [Buildroot] [PATCH] configs/olimex_stmp157_olinuxino_lime: add hashes
Date: Sun, 2 Jun 2024 17:37:23 +0200
Message-ID: <ZlyRs_aj7sXheiBt@landeda>
In-Reply-To: <20240602070634.597337-1-francois.perrad@gadz.org>

Francois, All,

On 2024-06-02 09:06 +0200, Francois Perrad spake thusly:
> and enable BR2_DOWNLOAD_FORCE_CHECK_HASHES
>
> Signed-off-by: Francois Perrad <francois.perrad@gadz.org>

Thank you for this patch. It uncovered a very nasty issue we have had
since we introduced _DL_SUBDIR more than 6 years ago now, and for which I
just sent a fix:

    https://lore.kernel.org/buildroot/20240602145542.2485828-1-yann.morin.1998@free.fr/T/#u

Basically, Peter and I spent quite some time trying to understand why
we got a hash different from yours:

    $ make olimex_stmp157_olinuxino_lime_defconfig
    $ make source
    [...]
    ERROR: while checking hashes from board/olimex/stmp1_olinuxino/patches/linux-headers/linux-headers.hash
    ERROR: linux-fc74113e14d76aea9482264ff42e07397b94553d-git4.tar.gz has wrong sha256 hash:
    ERROR: expected: 5d3ca43b81056305860d7407c871eac4f8eafa603029ee67816574a31444fd93
    ERROR: got : ee94af461da08f406408c70094582232a348b14069bc4dcbe7ff97e16cfe0c70
    ERROR: Incomplete download, or man-in-the-middle (MITM) attack

However, what was even stranger to us, was that the download was OK when
we actually tried to directly trigger the linux download (there is a hint
in the trace above, but we did not see it immediately):

    $ make linux-source
    [...]
    linux-fc74113e14d76aea9482264ff42e07397b94553d-git4.tar.gz: OK (sha256: 5d3ca43b81056305860d7407c871eac4f8eafa603029ee67816574a31444fd93)

So, sometimes the hash is OK, sometimes it is not? I seriously
considered Gremlins at one point... ;-] Of course, when we identified
the delta between the two archives, we eventually noticed the download
was failing for linux-headers, not for linux...

This is something that you too could have spotted on your side, if all
you had done was to run the download from scratch to validate the change
(I pretty much always do that to be sure):

    $ rm -rf $(pwd)/dl-empty
    $ make olimex_stmp157_olinuxino_lime_defconfig
    $ BR2_DL_DIR=$(pwd)/dl-empty make source

Anyway, that was a really nasty issue, but we now have a fix. Could you
please help test and review that patch, please?

Regards,
Yann E. MORIN.

> ---
> .checkpackageignore | 1 -
> .../stmp1_olinuxino/patches/linux-headers/linux-headers.hash | 1 +
> board/olimex/stmp1_olinuxino/patches/linux/linux.hash | 2 ++
> board/olimex/stmp1_olinuxino/patches/uboot/uboot.hash | 2 ++
> configs/olimex_stmp157_olinuxino_lime_defconfig | 4 ++++
> 5 files changed, 9 insertions(+), 1 deletion(-)
> create mode 120000 board/olimex/stmp1_olinuxino/patches/linux-headers/linux-headers.hash
> create mode 100644 board/olimex/stmp1_olinuxino/patches/linux/linux.hash
> create mode 100644 board/olimex/stmp1_olinuxino/patches/uboot/uboot.hash
>
> diff --git a/.checkpackageignore b/.checkpackageignore
> index 8f5fc0a47..201ec2a85 100644
> --- a/.checkpackageignore
> +++ b/.checkpackageignore
> @@ -253,7 +253,6 @@ configs/olimex_a20_olinuxino_lime_defconfig lib_defconfig.ForceCheckHash
> configs/olimex_a20_olinuxino_micro_defconfig lib_defconfig.ForceCheckHash
> configs/olimex_a33_olinuxino_defconfig lib_defconfig.ForceCheckHash
> configs/olimex_a64_olinuxino_defconfig lib_defconfig.ForceCheckHash
> -configs/olimex_stmp157_olinuxino_lime_defconfig lib_defconfig.ForceCheckHash
> configs/olpc_xo175_defconfig lib_defconfig.ForceCheckHash
> configs/olpc_xo1_defconfig lib_defconfig.ForceCheckHash
> configs/orangepi_lite2_defconfig lib_defconfig.ForceCheckHash
> diff --git a/board/olimex/stmp1_olinuxino/patches/linux-headers/linux-headers.hash b/board/olimex/stmp1_olinuxino/patches/linux-headers/linux-headers.hash
> new file mode 120000
> index 000000000..5808d92af
> --- /dev/null
> +++ b/board/olimex/stmp1_olinuxino/patches/linux-headers/linux-headers.hash
> @@ -0,0 +1 @@
> +../linux/linux.hash
> \ No newline at end of file
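Review bot: the symlink added on the `+../linux/linux.hash` line makes linux-headers verify against the linux hash, which only holds if both packages end up with a byte-identical linux-fc74113e14d76aea9482264ff42e07397b94553d-git4.tar.gz. The `make source` trace earlier in this reply fails on exactly this path (patches/linux-headers/linux-headers.hash) while `make linux-source` passes, so this hunk should be re-validated with a download into an empty BR2_DL_DIR before the shared hash is relied on.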
> diff --git a/board/olimex/stmp1_olinuxino/patches/linux/linux.hash b/board/olimex/stmp1_olinuxino/patches/linux/linux.hash
> new file mode 100644
> index 000000000..8691d5ffd
> --- /dev/null
> +++ b/board/olimex/stmp1_olinuxino/patches/linux/linux.hash
> @@ -0,0 +1,2 @@
> +# Locally computed
> +sha256 5d3ca43b81056305860d7407c871eac4f8eafa603029ee67816574a31444fd93 linux-fc74113e14d76aea9482264ff42e07397b94553d-git4.tar.gz
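Review bot: the `# Locally computed` comment above the sha256 line does not say how the value was obtained, so a second person cannot tell whether it came from a fresh download or from an archive already sitting in a populated download directory. Suggest stating the procedure in the comment or the commit message (for instance, computed after `make source` into an empty BR2_DL_DIR); uboot.hash in this patch carries the same bare comment.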
> diff --git a/board/olimex/stmp1_olinuxino/patches/uboot/uboot.hash b/board/olimex/stmp1_olinuxino/patches/uboot/uboot.hash
> new file mode 100644
> index 000000000..a991a1922
> --- /dev/null
> +++ b/board/olimex/stmp1_olinuxino/patches/uboot/uboot.hash
> @@ -0,0 +1,2 @@
> +# Locally computed
> +sha256 6aaa18a9023db29ceaad5bca240605990b68a6bf348aaefad0bee8be8d37648e uboot-efadf793a0a5924e2c96362dc1df3e56622ebb97-git4.tar.gz
> diff --git a/configs/olimex_stmp157_olinuxino_lime_defconfig b/configs/olimex_stmp157_olinuxino_lime_defconfig
> index 8bd8e10ca..ecfa78135 100644
> --- a/configs/olimex_stmp157_olinuxino_lime_defconfig
> +++ b/configs/olimex_stmp157_olinuxino_lime_defconfig
> @@ -5,6 +5,10 @@ BR2_cortex_a7=y
> # Linux headers same as kernel, a 5.10 series
> BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_10=y
>
> +# Build
> +BR2_GLOBAL_PATCH_DIR="board/olimex/stmp1_olinuxino/patches"
> +BR2_DOWNLOAD_FORCE_CHECK_HASHES=y
> +
> # System configuration
> BR2_TARGET_GENERIC_HOSTNAME="stmp1-olinuxino"
> BR2_TARGET_GENERIC_ISSUE="Welcome to OLinuXino!"
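Review bot: the commit message mentions only adding hashes and enabling BR2_DOWNLOAD_FORCE_CHECK_HASHES, but the added `BR2_GLOBAL_PATCH_DIR="board/olimex/stmp1_olinuxino/patches"` line is a second functional change, and it is the one that makes the new .hash files get consulted (the error trace above reads its hashes from that directory). Please mention it in the commit message, and note that per the diffstat the directory holds only .hash files, which a reader would not expect from a path named patches.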
> --
> 2.43.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
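
The symptom described in the message above (one archive name, two different sha256 values depending on which download produced it) can be checked directly by verifying a .hash file against more than one download tree. This is an added example, not part of the original message or of Buildroot; the function names, the `dl-a`/`dl-b` directories and the sample archive are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Buildroot code). Hash-file line format as in the patch:
#   sha256  <hex digest>  <archive name>      ('#' lines are comments)

# check_hash_file HASHFILE DIR...
# Prints "<status> <dir>/<archive>" for every sha256 entry and every DIR;
# returns 1 if any archive that is present has a different digest.
check_hash_file() {
    hashfile=$1; shift
    rc=0
    # '|| [ -n "$algo" ]' keeps a last line that lacks a trailing newline.
    while read -r algo want name || [ -n "$algo" ]; do
        case $algo in
            sha256) ;;
            *) continue ;;          # comment, blank line, other algorithm
        esac
        for dir in "$@"; do
            if [ ! -f "$dir/$name" ]; then
                echo "MISSING  $dir/$name"
                continue
            fi
            got=$(sha256sum "$dir/$name" | cut -d' ' -f1)
            if [ "$got" = "$want" ]; then
                echo "OK       $dir/$name"
            else
                echo "MISMATCH $dir/$name (got $got)"
                rc=1
            fi
        done
    done < "$hashfile"
    return "$rc"
}

# Constructed sample: one archive name present in two download trees with
# different bytes in each; the hash file matches only the first tree.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/dl-a" "$tmp/dl-b"
    printf 'tarball as generated for package A\n' > "$tmp/dl-a/pkg-git4.tar.gz"
    printf 'tarball as generated for package B\n' > "$tmp/dl-b/pkg-git4.tar.gz"
    good=$(sha256sum "$tmp/dl-a/pkg-git4.tar.gz" | cut -d' ' -f1)
    printf '# Locally computed\nsha256  %s  pkg-git4.tar.gz' "$good" > "$tmp/pkg.hash"
    status=0
    check_hash_file "$tmp/pkg.hash" "$tmp/dl-a" "$tmp/dl-b" || status=$?
    rm -rf "$tmp"
    return "$status"
}
```

Against a real tree, pass the board's .hash file followed by the directories that hold the downloaded archives, for example one filled from scratch and one that was already populated.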