92d483a892
This patch implements a relatively simple hash-based verification scheme for downloaded files (tarballs): After buildgcc downloads a file or notices that it has already been downloaded, it hashes the file, and compares the hash against the known hash stored in util/crossgcc/sum/$filename.cksum. Two errors can occur: 1. The hash file is missing. In this case, crossgcc asks the user to verify the authenticity of the downloaded file. It also calculates its hash and stores it in util/crossgcc/sum/$filename.cksum.calc. If the file is authentic, the user may rename the calculated hash file to $filename.cksum, so that it can be found the next time buildgcc is started. 2. The known hash and the calculated hash differ. This is the case that this patch seeks to protect against, because it may imply that the downloaded file was unexpectedly changed, either in transit (Man-in-the-Middle attack) or on the file server that it was downloaded from. If buildgcc detects such a hash mismatch, it asks the user to delete the downloaded file and retry, because it can also be caused by a benign network error. If, however, the error persists, buildgcc can't continue without risking that the user runs malicious code, and it stops. Note: The hash algorithm may be changed in the future, but for now I left it at SHA-1, to avoid bloating this patch. Change-Id: I0d5d67b34684d02011a845d00f6f5b6769f43b4f Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net> Reviewed-on: https://review.coreboot.org/21592 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Patrick Georgi <pgeorgi@google.com> |
||
---|---|---|
.. | ||
patches | ||
sum | ||
Dockerfile | ||
Makefile | ||
Makefile.inc | ||
README | ||
buildgcc | ||
getopt.c |
README
README ------ This is a cross toolchain builder for -elf toolchains (ie. no libc support) known working: i386-elf x86_64-elf powerpc-elf mipsel-elf arm-elf armv7a-eabi aarch64-elf known broken: alpha-elf powerpc64-elf