[PATCH] tool-chain build: Signature verification

Stephan Mueller Fri, 24 May 2013 02:45:14 -0700

Hi,

please find attached a patch against tool-chain and a supporting shell
script to perform signature verification of the downloaded bits for
building the tool chain.


Signed-off-by: Stephan Mueller <[email protected]>

--- tool_chain.orig	2013-05-24 09:13:44.125242920 +0200
+++ tool_chain	2013-05-24 11:00:12.789121673 +0200
@@ -133,6 +133,13 @@ $(error Need to have 'autogen' installed
 endif
 
 #
+# Check if 'gpg' is installed
+#
+ifeq ($(shell which gpg)),)
+$(error Need to have 'gpg' installed.)
+endif
+
+#
 # Libc stub
 #
 
@@ -311,22 +318,32 @@ $(DOWNLOAD_DIR):
 $(DOWNLOAD_DIR)/$(BINUTILS_DOWNLOAD_TBZ2): $(DOWNLOAD_DIR)
 	$(ECHO) "$(BRIGHT_COL)downloading binutils...$(DEFAULT_COL)"
 	$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(BINUTILS_DOWNLOAD_URL)/$(BINUTILS_DOWNLOAD_TBZ2) && touch $@
+	$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(BINUTILS_DOWNLOAD_URL)/$(BINUTILS_DOWNLOAD_TBZ2).sig && touch $@
+	./tool_chain_sigver $(DOWNLOAD_DIR)/$(BINUTILS_DOWNLOAD_TBZ2) $(DOWNLOAD_DIR)/$(BINUTILS_DOWNLOAD_TBZ2).sig
 
 $(DOWNLOAD_DIR)/gcc-$(GCC_VERSION).tar.bz2: $(DOWNLOAD_DIR)
 	$(ECHO) "$(BRIGHT_COL)downloading gcc...$(DEFAULT_COL)"
 	$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(GCC_DOWNLOAD_URL)/gcc-$(GCC_VERSION)/gcc-$(GCC_VERSION).tar.bz2 && touch $@
+	$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(GCC_DOWNLOAD_URL)/gcc-$(GCC_VERSION)/gcc-$(GCC_VERSION).tar.bz2.sig && touch $@
+	./tool_chain_sigver $(DOWNLOAD_DIR)/gcc-$(GCC_VERSION).tar.bz2 $(DOWNLOAD_DIR)/gcc-$(GCC_VERSION).tar.bz2.sig
 
 $(DOWNLOAD_DIR)/gmp-$(GMP_VERSION).tar.bz2: $(DOWNLOAD_DIR)
 	$(ECHO) "$(BRIGHT_COL)downloading gmp...$(DEFAULT_COL)"
 	$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(GMP_DOWNLOAD_URL)/gmp-$(GMP_VERSION).tar.bz2 && touch $@
+	$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(GMP_DOWNLOAD_URL)/gmp-$(GMP_VERSION).tar.bz2.sig && touch $@
+	./tool_chain_sigver $(DOWNLOAD_DIR)/gmp-$(GMP_VERSION).tar.bz2 $(DOWNLOAD_DIR)/gmp-$(GMP_VERSION).tar.bz2.sig
 
 $(DOWNLOAD_DIR)/mpfr-$(MPFR_VERSION).tar.bz2: $(DOWNLOAD_DIR)
 	$(ECHO) "$(BRIGHT_COL)downloading mpfr...$(DEFAULT_COL)"
 	$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(MPFR_DOWNLOAD_URL)/mpfr-$(MPFR_VERSION).tar.bz2 && touch $@
+	$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(MPFR_DOWNLOAD_URL)/mpfr-$(MPFR_VERSION).tar.bz2.sig && touch $@
+	./tool_chain_sigver $(DOWNLOAD_DIR)/mpfr-$(MPFR_VERSION).tar.bz2 $(DOWNLOAD_DIR)/mpfr-$(MPFR_VERSION).tar.bz2.sig
 
 $(DOWNLOAD_DIR)/mpc-$(MPC_VERSION).tar.gz: $(DOWNLOAD_DIR)
 	$(ECHO) "$(BRIGHT_COL)downloading mpc...$(DEFAULT_COL)"
 	$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(MPC_DOWNLOAD_URL)/mpc-$(MPC_VERSION).tar.gz && touch $@
+	$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(MPC_DOWNLOAD_URL)/mpc-$(MPC_VERSION).tar.gz.asc && touch $@
+	./tool_chain_sigver $(DOWNLOAD_DIR)/mpc-$(MPC_VERSION).tar.gz $(DOWNLOAD_DIR)/mpc-$(MPC_VERSION).tar.gz.asc
 
 $(CONTRIB_DIR)/gmp-$(GMP_VERSION)/configure: $(DOWNLOAD_DIR)/gmp-$(GMP_VERSION).tar.bz2
 	$(ECHO) "$(BRIGHT_COL)unpacking gmp...$(DEFAULT_COL)"
@@ -442,6 +459,8 @@ $(GCC_INSTALLED_BINARIES): $(GCC_BINARIE
 $(DOWNLOAD_DIR)/gdb-$(GDB_VERSION).tar.bz2: $(DOWNLOAD_DIR)
 	$(ECHO) "$(BRIGHT_COL)downloading gdb...$(DEFAULT_COL)"
 	$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(GDB_DOWNLOAD_URL)/gdb-$(GDB_VERSION).tar.bz2 && touch $@
+	$(VERBOSE)wget -c -P $(DOWNLOAD_DIR) $(GDB_DOWNLOAD_URL)/gdb-$(GDB_VERSION).tar.bz2.sig && touch $@
+	./tool_chain_sigver $(DOWNLOAD_DIR)/gdb-$(GDB_VERSION).tar.bz2 $(DOWNLOAD_DIR)/gdb-$(GDB_VERSION).tar.bz2.sig
 
 $(CONTRIB_DIR)/gdb-$(GDB_VERSION): $(DOWNLOAD_DIR)/gdb-$(GDB_VERSION).tar.bz2
 	$(ECHO) "$(BRIGHT_COL)unpacking gdb...$(DEFAULT_COL)"

tool_chain_sigver
Description: Binary data

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may

_______________________________________________
Genode-main mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/genode-main

[PATCH] tool-chain build: Signature verification

Reply via email to