download: handle possibly invalid local tarballs
authorPetr Štetiar <ynezz@true.cz>
Thu, 19 Nov 2020 15:32:46 +0000 (16:32 +0100)
committerPetr Štetiar <ynezz@true.cz>
Sat, 5 Dec 2020 19:50:19 +0000 (20:50 +0100)
commit605adb1023efda0c29d160839fccc20801b717cd
tree755bb66a7a8ecf958a460ac8d585c8d7894a07bd
parent5abe98947542cd9374912f895f057fe56f7036b8
download: handle possibly invalid local tarballs

Currently it's assumed, that already downloaded tarballs are always
fine, so no checksum checking is performed and the tarball is used even
if it might be corrupted.

From now on, we're going to always check the downloaded tarballs before
considering them valid.

Steps to reproduce:

 1. Remove cached tarball

   rm dl/libubox-2020-08-06-9e52171d.tar.xz

 2. Download valid tarball again

   make package/libubox/download

 3. Invalidate the tarball

   sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/' package/libs/libubox/Makefile

 4. Now compile with corrupt tarball source

   make package/libubox/{clean,compile}

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 4e19cbc553350b8146985367ba46514cf50e3393)
include/host-build.mk
include/package.mk
scripts/download.pl