GPG signature verification of tool chain
The downloaded archives for building the tool chain are checked for its signature before using them. In case of a signature failure, the build is interrupted. Issue #748
This commit is contained in:
parent
4c89f4f00f
commit
4f52e793a0
|
@ -69,6 +69,7 @@ MPC_VERSION = 0.9
|
||||||
INSTALL_LOCATION = /usr/local/genode-gcc
|
INSTALL_LOCATION = /usr/local/genode-gcc
|
||||||
DOWNLOAD_DIR = download
|
DOWNLOAD_DIR = download
|
||||||
CONTRIB_DIR = contrib
|
CONTRIB_DIR = contrib
|
||||||
|
SIGVERIFIER = $(GENODE_DIR)/tool/download_sigver
|
||||||
|
|
||||||
BINUTILS_DOWNLOAD_TBZ2 = binutils-$(BINUTILS_VERSION).tar.bz2
|
BINUTILS_DOWNLOAD_TBZ2 = binutils-$(BINUTILS_VERSION).tar.bz2
|
||||||
|
|
||||||
|
@ -132,6 +133,13 @@ ifeq ($(shell which autogen)),)
|
||||||
$(error Need to have 'autogen' installed.)
|
$(error Need to have 'autogen' installed.)
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
#
|
||||||
|
# Check if 'gpg' is installed
|
||||||
|
#
|
||||||
|
ifeq ($(shell which gpg)),)
|
||||||
|
$(error Need to have 'gpg' installed.)
|
||||||
|
endif
|
||||||
|
|
||||||
#
|
#
|
||||||
# Libc stub
|
# Libc stub
|
||||||
#
|
#
|
||||||
|
@ -311,22 +319,33 @@ $(DOWNLOAD_DIR):
|
||||||
$(DOWNLOAD_DIR)/$(BINUTILS_DOWNLOAD_TBZ2): $(DOWNLOAD_DIR)
|
$(DOWNLOAD_DIR)/$(BINUTILS_DOWNLOAD_TBZ2): $(DOWNLOAD_DIR)
|
||||||
$(ECHO) "$(BRIGHT_COL)downloading binutils...$(DEFAULT_COL)"
|
$(ECHO) "$(BRIGHT_COL)downloading binutils...$(DEFAULT_COL)"
|
||||||
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(BINUTILS_DOWNLOAD_URL)/$(BINUTILS_DOWNLOAD_TBZ2) && touch $@
|
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(BINUTILS_DOWNLOAD_URL)/$(BINUTILS_DOWNLOAD_TBZ2) && touch $@
|
||||||
|
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(BINUTILS_DOWNLOAD_URL)/$(BINUTILS_DOWNLOAD_TBZ2).sig && touch $@
|
||||||
|
$(VERBOSE)$(SIGVERIFIER) $(DOWNLOAD_DIR)/$(BINUTILS_DOWNLOAD_TBZ2) $(DOWNLOAD_DIR)/$(BINUTILS_DOWNLOAD_TBZ2).sig GNU
|
||||||
|
|
||||||
$(DOWNLOAD_DIR)/gcc-$(GCC_VERSION).tar.bz2: $(DOWNLOAD_DIR)
|
$(DOWNLOAD_DIR)/gcc-$(GCC_VERSION).tar.bz2: $(DOWNLOAD_DIR)
|
||||||
$(ECHO) "$(BRIGHT_COL)downloading gcc...$(DEFAULT_COL)"
|
$(ECHO) "$(BRIGHT_COL)downloading gcc...$(DEFAULT_COL)"
|
||||||
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(GCC_DOWNLOAD_URL)/gcc-$(GCC_VERSION)/gcc-$(GCC_VERSION).tar.bz2 && touch $@
|
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(GCC_DOWNLOAD_URL)/gcc-$(GCC_VERSION)/gcc-$(GCC_VERSION).tar.bz2 && touch $@
|
||||||
|
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(GCC_DOWNLOAD_URL)/gcc-$(GCC_VERSION)/gcc-$(GCC_VERSION).tar.bz2.sig && touch $@
|
||||||
|
$(VERBOSE)$(SIGVERIFIER) $(DOWNLOAD_DIR)/gcc-$(GCC_VERSION).tar.bz2 $(DOWNLOAD_DIR)/gcc-$(GCC_VERSION).tar.bz2.sig GNU
|
||||||
|
|
||||||
$(DOWNLOAD_DIR)/gmp-$(GMP_VERSION).tar.bz2: $(DOWNLOAD_DIR)
|
$(DOWNLOAD_DIR)/gmp-$(GMP_VERSION).tar.bz2: $(DOWNLOAD_DIR)
|
||||||
$(ECHO) "$(BRIGHT_COL)downloading gmp...$(DEFAULT_COL)"
|
$(ECHO) "$(BRIGHT_COL)downloading gmp...$(DEFAULT_COL)"
|
||||||
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(GMP_DOWNLOAD_URL)/gmp-$(GMP_VERSION).tar.bz2 && touch $@
|
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(GMP_DOWNLOAD_URL)/gmp-$(GMP_VERSION).tar.bz2 && touch $@
|
||||||
|
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(GMP_DOWNLOAD_URL)/gmp-$(GMP_VERSION).tar.bz2.sig && touch $@
|
||||||
|
$(VERBOSE)$(SIGVERIFIER) $(DOWNLOAD_DIR)/gmp-$(GMP_VERSION).tar.bz2 $(DOWNLOAD_DIR)/gmp-$(GMP_VERSION).tar.bz2.sig GNU
|
||||||
|
|
||||||
$(DOWNLOAD_DIR)/mpfr-$(MPFR_VERSION).tar.bz2: $(DOWNLOAD_DIR)
|
$(DOWNLOAD_DIR)/mpfr-$(MPFR_VERSION).tar.bz2: $(DOWNLOAD_DIR)
|
||||||
$(ECHO) "$(BRIGHT_COL)downloading mpfr...$(DEFAULT_COL)"
|
$(ECHO) "$(BRIGHT_COL)downloading mpfr...$(DEFAULT_COL)"
|
||||||
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(MPFR_DOWNLOAD_URL)/mpfr-$(MPFR_VERSION).tar.bz2 && touch $@
|
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(MPFR_DOWNLOAD_URL)/mpfr-$(MPFR_VERSION).tar.bz2 && touch $@
|
||||||
|
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(MPFR_DOWNLOAD_URL)/mpfr-$(MPFR_VERSION).tar.bz2.sig && touch $@
|
||||||
|
$(VERBOSE)$(SIGVERIFIER) $(DOWNLOAD_DIR)/mpfr-$(MPFR_VERSION).tar.bz2 $(DOWNLOAD_DIR)/mpfr-$(MPFR_VERSION).tar.bz2.sig
|
||||||
|
|
||||||
$(DOWNLOAD_DIR)/mpc-$(MPC_VERSION).tar.gz: $(DOWNLOAD_DIR)
|
$(DOWNLOAD_DIR)/mpc-$(MPC_VERSION).tar.gz: $(DOWNLOAD_DIR)
|
||||||
$(ECHO) "$(BRIGHT_COL)downloading mpc...$(DEFAULT_COL)"
|
$(ECHO) "$(BRIGHT_COL)downloading mpc...$(DEFAULT_COL)"
|
||||||
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(MPC_DOWNLOAD_URL)/mpc-$(MPC_VERSION).tar.gz && touch $@
|
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(MPC_DOWNLOAD_URL)/mpc-$(MPC_VERSION).tar.gz && touch $@
|
||||||
|
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(MPC_DOWNLOAD_URL)/mpc-$(MPC_VERSION).tar.gz.asc && touch $@
|
||||||
|
# GPG key from http://www.multiprecision.org/index.php?prog=mpc&page=download
|
||||||
|
$(VERBOSE)$(SIGVERIFIER) $(DOWNLOAD_DIR)/mpc-$(MPC_VERSION).tar.gz $(DOWNLOAD_DIR)/mpc-$(MPC_VERSION).tar.gz.asc AD17A21EF8AED8F1CC02DBD9F7D5C9BF765C61E3
|
||||||
|
|
||||||
$(CONTRIB_DIR)/gmp-$(GMP_VERSION)/configure: $(DOWNLOAD_DIR)/gmp-$(GMP_VERSION).tar.bz2
|
$(CONTRIB_DIR)/gmp-$(GMP_VERSION)/configure: $(DOWNLOAD_DIR)/gmp-$(GMP_VERSION).tar.bz2
|
||||||
$(ECHO) "$(BRIGHT_COL)unpacking gmp...$(DEFAULT_COL)"
|
$(ECHO) "$(BRIGHT_COL)unpacking gmp...$(DEFAULT_COL)"
|
||||||
|
@ -442,6 +461,8 @@ $(GCC_INSTALLED_BINARIES): $(GCC_BINARIES)
|
||||||
$(DOWNLOAD_DIR)/gdb-$(GDB_VERSION).tar.bz2: $(DOWNLOAD_DIR)
|
$(DOWNLOAD_DIR)/gdb-$(GDB_VERSION).tar.bz2: $(DOWNLOAD_DIR)
|
||||||
$(ECHO) "$(BRIGHT_COL)downloading gdb...$(DEFAULT_COL)"
|
$(ECHO) "$(BRIGHT_COL)downloading gdb...$(DEFAULT_COL)"
|
||||||
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(GDB_DOWNLOAD_URL)/gdb-$(GDB_VERSION).tar.bz2 && touch $@
|
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(GDB_DOWNLOAD_URL)/gdb-$(GDB_VERSION).tar.bz2 && touch $@
|
||||||
|
$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(GDB_DOWNLOAD_URL)/gdb-$(GDB_VERSION).tar.bz2.sig && touch $@
|
||||||
|
$(VERBOSE)$(SIGVERIFIER) $(DOWNLOAD_DIR)/gdb-$(GDB_VERSION).tar.bz2 $(DOWNLOAD_DIR)/gdb-$(GDB_VERSION).tar.bz2.sig GNU
|
||||||
|
|
||||||
$(CONTRIB_DIR)/gdb-$(GDB_VERSION): $(DOWNLOAD_DIR)/gdb-$(GDB_VERSION).tar.bz2
|
$(CONTRIB_DIR)/gdb-$(GDB_VERSION): $(DOWNLOAD_DIR)/gdb-$(GDB_VERSION).tar.bz2
|
||||||
$(ECHO) "$(BRIGHT_COL)unpacking gdb...$(DEFAULT_COL)"
|
$(ECHO) "$(BRIGHT_COL)unpacking gdb...$(DEFAULT_COL)"
|
||||||
|
|
Loading…
Reference in New Issue