[Buildroot] [PATCH 0/4] support/download: make the git backend more robust
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Wed Apr 18 14:43:44 UTC 2018
Hello,
On Wed, 18 Apr 2018 10:28:24 -0300, Ricardo Martincoski wrote:
> Could be the case your build server has a blacklisted tar version and you run
> the commands in a clean output (actually without host-tar built)?
It is indeed the case (I have an old tar), and indeed building host-tar
first fixes the problem.
When I don't build host-tar, what happens is:
test at build:~/buildroot$ make host-squashfs-extract
>>> host-squashfs e38956b92f738518c29734399629e7cdb33072d3 Downloading
Initialized empty Git repository in /home/test/dl/squashfs/git/.git/
Fetching all references
remote: Counting objects: 8972, done.
remote: Total 8972 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (8972/8972), 1.56 MiB | 2.51 MiB/s, done.
Resolving deltas: 100% (6544/6544), done.
From https://git.kernel.org/pub/scm/fs/squashfs/squashfs-tools
* [new branch] lz4 -> origin/lz4
* [new branch] master -> origin/master
* [new branch] stable -> origin/stable
Could not fetch special ref 'e38956b92f738518c29734399629e7cdb33072d3'; assuming it is not special.
ERROR: squashfs-e38956b92f738518c29734399629e7cdb33072d3.tar.gz has wrong sha256 hash:
ERROR: expected: bd0aa3011320b8ebee68aa406060de277bef16daf81bad5b9f70cbea6db1a779
ERROR: got : c7a61e3bcabb716b268f5a341055ac5ecda8b9f2b42025f82926f201ff5c8881
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
So I assume it has used the system tar, which generates tar archives
whose hash doesn't match the one generated by "good" tar versions. Is
that the problem I was having ?
So, we indeed have a serious problem here. host-tar is not an extract
dependency, but a download dependency. Meh. Crap. This breaks several
things:
- make <foo>-source on Git packages from a clean build
- A regular build, if the first package downloaded is fetched from Git
and no other package has been extracted before. Indeed, in such a
case, host-tar would not yet be built/installed.
Gaaaah.
Thomas
--
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list