carl9170: Add and check SHA-256 sums for the toolchain tarballs
The sums for binutils and gcc are based on an HTTPS download (instead of the default HTTP). newlib doesn't seem to be available with any kind of signature, so I compared a tarball and CVS checkout; let's hope they weren't both compromised. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
This commit is contained in:
parent
2837f7bf89
commit
9f43b7a6b0
|
@ -12,16 +12,27 @@ GCC_TAR=gcc-$(GCC_VER).tar.bz2
|
||||||
|
|
||||||
BASEDIR=$(shell pwd)
|
BASEDIR=$(shell pwd)
|
||||||
|
|
||||||
|
define checksum
|
||||||
|
@if grep -q ' $(subst .,\.,$(1))$$' SHA256SUMS; then \
|
||||||
|
grep ' $(subst .,\.,$(1))$$' SHA256SUMS | sha256sum -c; \
|
||||||
|
else \
|
||||||
|
echo "WARNING: no checksum defined for $(1)"; \
|
||||||
|
fi
|
||||||
|
endef
|
||||||
|
|
||||||
all: gcc
|
all: gcc
|
||||||
|
|
||||||
src/$(BINUTILS_TAR):
|
src/$(BINUTILS_TAR):
|
||||||
wget -P src $(BINUTILS_URL)
|
wget -P src $(BINUTILS_URL)
|
||||||
|
$(call checksum,$@)
|
||||||
|
|
||||||
src/$(NEWLIB_TAR):
|
src/$(NEWLIB_TAR):
|
||||||
wget -P src $(NEWLIB_URL)
|
wget -P src $(NEWLIB_URL)
|
||||||
|
$(call checksum,$@)
|
||||||
|
|
||||||
src/$(GCC_TAR):
|
src/$(GCC_TAR):
|
||||||
wget -P src $(GCC_URL)
|
wget -P src $(GCC_URL)
|
||||||
|
$(call checksum,$@)
|
||||||
|
|
||||||
src/binutils-$(BINUTILS_VER): src/$(BINUTILS_TAR)
|
src/binutils-$(BINUTILS_VER): src/$(BINUTILS_TAR)
|
||||||
tar -C src -xjf $<
|
tar -C src -xjf $<
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
6c7af8ed1c8cf9b4b9d6e6fe09a3e1d3d479fe63984ba8b9b26bf356b6313ca9 src/binutils-2.22.tar.bz2
|
||||||
|
16093f6fa01732adf378d97fe338f113c933bdf56da22bf87c76beff13da406f src/gcc-4.7.1.tar.bz2
|
||||||
|
c644b2847244278c57bec2ddda69d8fab5a7c767f3b9af69aa7aa3da823ff692 src/newlib-1.20.0.tar.gz
|
Loading…
Reference in New Issue