* [Buildroot] [PATCH 1/4] tftpd: add hash file
@ 2014-10-14 23:24 Gustavo Zacarias
2014-10-14 23:24 ` [Buildroot] [PATCH 2/4] pciutils: " Gustavo Zacarias
` (3 more replies)
0 siblings, 4 replies; 9+ messages in thread
From: Gustavo Zacarias @ 2014-10-14 23:24 UTC (permalink / raw)
To: buildroot
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/tftpd/tftpd.hash | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 package/tftpd/tftpd.hash
diff --git a/package/tftpd/tftpd.hash b/package/tftpd/tftpd.hash
new file mode 100644
index 0000000..247b757
--- /dev/null
+++ b/package/tftpd/tftpd.hash
@@ -0,0 +1,2 @@
+# From https://www.kernel.org/pub/software/network/tftp/tftp-hpa/sha256sums.asc
+sha256 afee361df96a2f88344e191f6a25480fd714e1d28d176c3f10cc43fa206b718b tftp-hpa-5.2.tar.xz
--
2.0.4
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 2/4] pciutils: add hash file
2014-10-14 23:24 [Buildroot] [PATCH 1/4] tftpd: add hash file Gustavo Zacarias
@ 2014-10-14 23:24 ` Gustavo Zacarias
2014-10-15 22:33 ` Peter Korsgaard
2014-10-14 23:24 ` [Buildroot] [PATCH 3/4] crda: " Gustavo Zacarias
` (2 subsequent siblings)
3 siblings, 1 reply; 9+ messages in thread
From: Gustavo Zacarias @ 2014-10-14 23:24 UTC (permalink / raw)
To: buildroot
And switch to kernel.org mirror because of inconsistency with it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/pciutils/pciutils.hash | 2 ++
package/pciutils/pciutils.mk | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
create mode 100644 package/pciutils/pciutils.hash
diff --git a/package/pciutils/pciutils.hash b/package/pciutils/pciutils.hash
new file mode 100644
index 0000000..07b9ed6
--- /dev/null
+++ b/package/pciutils/pciutils.hash
@@ -0,0 +1,2 @@
+# From https://www.kernel.org/pub/software/utils/pciutils/sha256sums.asc
+sha256 9c1ad30d1e40e353ea78b0c7ca41487cc0923d91e560a6e07072c93bcf520c02 pciutils-3.2.1.tar.gz
diff --git a/package/pciutils/pciutils.mk b/package/pciutils/pciutils.mk
index 819d6a4..972e2cc 100644
--- a/package/pciutils/pciutils.mk
+++ b/package/pciutils/pciutils.mk
@@ -5,7 +5,7 @@
################################################################################
PCIUTILS_VERSION = 3.2.1
-PCIUTILS_SITE = ftp://atrey.karlin.mff.cuni.cz/pub/linux/pci
+PCIUTILS_SITE = $(BR2_KERNEL_MIRROR)/software/utils/pciutils
PCIUTILS_INSTALL_STAGING = YES
PCIUTILS_LICENSE = GPLv2+
PCIUTILS_LICENSE_FILES = COPYING
--
2.0.4
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 3/4] crda: add hash file
2014-10-14 23:24 [Buildroot] [PATCH 1/4] tftpd: add hash file Gustavo Zacarias
2014-10-14 23:24 ` [Buildroot] [PATCH 2/4] pciutils: " Gustavo Zacarias
@ 2014-10-14 23:24 ` Gustavo Zacarias
2014-10-16 5:09 ` Peter Korsgaard
2014-10-14 23:24 ` [Buildroot] [PATCH 4/4] kmod: " Gustavo Zacarias
2014-10-15 13:20 ` [Buildroot] [PATCH 1/4] tftpd: " Peter Korsgaard
3 siblings, 1 reply; 9+ messages in thread
From: Gustavo Zacarias @ 2014-10-14 23:24 UTC (permalink / raw)
To: buildroot
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/crda/crda.hash | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 package/crda/crda.hash
diff --git a/package/crda/crda.hash b/package/crda/crda.hash
new file mode 100644
index 0000000..2fc04e6
--- /dev/null
+++ b/package/crda/crda.hash
@@ -0,0 +1,2 @@
+# From https://www.kernel.org/pub/software/network/crda/sha256sums.asc
+sha256 2f85da7ab0170b140d6ed62596c8f268d4a7dedecf84cac7182ada979742ff59 crda-3.13.tar.xz
--
2.0.4
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 4/4] kmod: add hash file
2014-10-14 23:24 [Buildroot] [PATCH 1/4] tftpd: add hash file Gustavo Zacarias
2014-10-14 23:24 ` [Buildroot] [PATCH 2/4] pciutils: " Gustavo Zacarias
2014-10-14 23:24 ` [Buildroot] [PATCH 3/4] crda: " Gustavo Zacarias
@ 2014-10-14 23:24 ` Gustavo Zacarias
2014-10-16 5:11 ` Peter Korsgaard
2014-10-15 13:20 ` [Buildroot] [PATCH 1/4] tftpd: " Peter Korsgaard
3 siblings, 1 reply; 9+ messages in thread
From: Gustavo Zacarias @ 2014-10-14 23:24 UTC (permalink / raw)
To: buildroot
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/kmod/kmod.hash | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 package/kmod/kmod.hash
diff --git a/package/kmod/kmod.hash b/package/kmod/kmod.hash
new file mode 100644
index 0000000..8244fd9
--- /dev/null
+++ b/package/kmod/kmod.hash
@@ -0,0 +1,2 @@
+# From https://www.kernel.org/pub/linux/utils/kernel/kmod/sha256sums.asc
+sha256 e16e57272b54acb219c465b334715cfdddb5d97ff5d8948d4830ca1a372a868e kmod-18.tar.xz
--
2.0.4
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 1/4] tftpd: add hash file
2014-10-14 23:24 [Buildroot] [PATCH 1/4] tftpd: add hash file Gustavo Zacarias
` (2 preceding siblings ...)
2014-10-14 23:24 ` [Buildroot] [PATCH 4/4] kmod: " Gustavo Zacarias
@ 2014-10-15 13:20 ` Peter Korsgaard
3 siblings, 0 replies; 9+ messages in thread
From: Peter Korsgaard @ 2014-10-15 13:20 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 2/4] pciutils: add hash file
2014-10-14 23:24 ` [Buildroot] [PATCH 2/4] pciutils: " Gustavo Zacarias
@ 2014-10-15 22:33 ` Peter Korsgaard
2014-10-16 14:06 ` Gustavo Zacarias
0 siblings, 1 reply; 9+ messages in thread
From: Peter Korsgaard @ 2014-10-15 22:33 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
> And switch to kernel.org mirror because of inconsistency with it.
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
> package/pciutils/pciutils.hash | 2 ++
> package/pciutils/pciutils.mk | 2 +-
> 2 files changed, 3 insertions(+), 1 deletion(-)
> create mode 100644 package/pciutils/pciutils.hash
> diff --git a/package/pciutils/pciutils.hash b/package/pciutils/pciutils.hash
> new file mode 100644
> index 0000000..07b9ed6
> --- /dev/null
> +++ b/package/pciutils/pciutils.hash
> @@ -0,0 +1,2 @@
> +# From https://www.kernel.org/pub/software/utils/pciutils/sha256sums.asc
> +sha256 9c1ad30d1e40e353ea78b0c7ca41487cc0923d91e560a6e07072c93bcf520c02 pciutils-3.2.1.tar.gz
While this checksum matches the .asc file, it is different than what
was on the old server (and on sources.buildroot.org, autobuilders and
whatnot) - And as pciutils hasn't been bumped since Nov 2013 people are
quite likely to already have it in their dl/.
As pciutils isn't really such a security sensitive package, I think we
should wait with this until the version is bumped next time.
> -PCIUTILS_SITE = ftp://atrey.karlin.mff.cuni.cz/pub/linux/pci
> +PCIUTILS_SITE = $(BR2_KERNEL_MIRROR)/software/utils/pciutils
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 3/4] crda: add hash file
2014-10-14 23:24 ` [Buildroot] [PATCH 3/4] crda: " Gustavo Zacarias
@ 2014-10-16 5:09 ` Peter Korsgaard
0 siblings, 0 replies; 9+ messages in thread
From: Peter Korsgaard @ 2014-10-16 5:09 UTC (permalink / raw)
To: buildroot
>>>>> "]Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 4/4] kmod: add hash file
2014-10-14 23:24 ` [Buildroot] [PATCH 4/4] kmod: " Gustavo Zacarias
@ 2014-10-16 5:11 ` Peter Korsgaard
0 siblings, 0 replies; 9+ messages in thread
From: Peter Korsgaard @ 2014-10-16 5:11 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 2/4] pciutils: add hash file
2014-10-15 22:33 ` Peter Korsgaard
@ 2014-10-16 14:06 ` Gustavo Zacarias
0 siblings, 0 replies; 9+ messages in thread
From: Gustavo Zacarias @ 2014-10-16 14:06 UTC (permalink / raw)
To: buildroot
On 10/15/2014 07:33 PM, Peter Korsgaard wrote:
> While this checksum matches the .asc file, it is different than what
> was on the old server (and on sources.buildroot.org, autobuilders and
> whatnot) - And as pciutils hasn't been bumped since Nov 2013 people are
> quite likely to already have it in their dl/.
>
> As pciutils isn't really such a security sensitive package, I think we
> should wait with this until the version is bumped next time.
That shouldn't be a decisive factor, you're looking for consistency
besides security and it shouldn't reduce the effort in doing so.
I can argue that the security factor is indeed important, if you run
things as root (lspci, setpci) - which is common in embedded targets -
and the tarball installs a nifty backdoor then you probably wouldn't be
too happy about it.
I know it would be odd to use those tools outside development.
So compromise solution: switch to a new tarball format, that one isn't
cached anywhere.
Regards.
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2014-10-16 14:06 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-10-14 23:24 [Buildroot] [PATCH 1/4] tftpd: add hash file Gustavo Zacarias
2014-10-14 23:24 ` [Buildroot] [PATCH 2/4] pciutils: " Gustavo Zacarias
2014-10-15 22:33 ` Peter Korsgaard
2014-10-16 14:06 ` Gustavo Zacarias
2014-10-14 23:24 ` [Buildroot] [PATCH 3/4] crda: " Gustavo Zacarias
2014-10-16 5:09 ` Peter Korsgaard
2014-10-14 23:24 ` [Buildroot] [PATCH 4/4] kmod: " Gustavo Zacarias
2014-10-16 5:11 ` Peter Korsgaard
2014-10-15 13:20 ` [Buildroot] [PATCH 1/4] tftpd: " Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox