carl9170: Add and check SHA-256 sums for the toolchain tarballs

The sums for binutils and gcc are based on an HTTPS download (instead
of the default HTTP).

newlib doesn't seem to be available with any kind of signature, so I
compared a tarball and CVS checkout; let's hope they weren't both
compromised.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
This commit is contained in:
Ben Hutchings 2013-01-14 02:41:56 +00:00
parent 2837f7bf89
commit 9f43b7a6b0
2 changed files with 14 additions and 0 deletions

View File

@ -12,16 +12,27 @@ GCC_TAR=gcc-$(GCC_VER).tar.bz2
BASEDIR=$(shell pwd) BASEDIR=$(shell pwd)
define checksum
@if grep -q ' $(subst .,\.,$(1))$$' SHA256SUMS; then \
grep ' $(subst .,\.,$(1))$$' SHA256SUMS | sha256sum -c; \
else \
echo "WARNING: no checksum defined for $(1)"; \
fi
endef
all: gcc all: gcc
src/$(BINUTILS_TAR): src/$(BINUTILS_TAR):
wget -P src $(BINUTILS_URL) wget -P src $(BINUTILS_URL)
$(call checksum,$@)
src/$(NEWLIB_TAR): src/$(NEWLIB_TAR):
wget -P src $(NEWLIB_URL) wget -P src $(NEWLIB_URL)
$(call checksum,$@)
src/$(GCC_TAR): src/$(GCC_TAR):
wget -P src $(GCC_URL) wget -P src $(GCC_URL)
$(call checksum,$@)
src/binutils-$(BINUTILS_VER): src/$(BINUTILS_TAR) src/binutils-$(BINUTILS_VER): src/$(BINUTILS_TAR)
tar -C src -xjf $< tar -C src -xjf $<

View File

@ -0,0 +1,3 @@
6c7af8ed1c8cf9b4b9d6e6fe09a3e1d3d479fe63984ba8b9b26bf356b6313ca9 src/binutils-2.22.tar.bz2
16093f6fa01732adf378d97fe338f113c933bdf56da22bf87c76beff13da406f src/gcc-4.7.1.tar.bz2
c644b2847244278c57bec2ddda69d8fab5a7c767f3b9af69aa7aa3da823ff692 src/newlib-1.20.0.tar.gz