[Buildroot-users] how to force-check hash for extra file?

Arnout Vandecappelle arnout at mind.be
Wed Mar 26 11:04:40 UTC 2025 


On 26/03/2025 11:53, David Picard wrote:
> Actually, I just found how to make it work, by tweaking the URL:
> 
> <PKG>_EXTRA_DOWNLOADS = https://gitlab-ci-token:MyDeployToken@gitlab.in2p3.fr/ 
> api/v4/projects/MyProjectID/packages/generic/MyGitlabPackageName/ 
> $(<PKG>_FIRMWARE_VERSION)/socfpga.rbf
> 
> Buildroot does check the hash of socfpga.rbf.
> 
> Now, I just need to think over the unique file name.

  For gitlab, the URL extension definitely works:

<PKG>_EXTRA_DOWNLOADS = 
https://gitlab-ci-token:MyDeployToken@gitlab.in2p3.fr/api/v4/projects/MyProjectID/packages/generic/MyGitlabPackageName/$(<PKG>_FIRMWARE_VERSION)/socfpga.rbf?filename=/socfpga-v$(<PKG>_FIRMWARE_VERSION).rbf

...

define <PKG>_INSTALL_IMAGE_CMDS
	cp $(<PKG>_DL_DIR)/socfpga-v$(<PKG>_FIRMWARE_VERSION).rbf \
		$(IMAGES_DIR)/socfpga.rbf
endef

(all of the above written from memory so I probably have some mistakes in there).

  Regards,
  Arnout



> 
> Thanks,
> David
> 
> Le 26/03/2025 à 11:48, Arnout Vandecappelle a écrit :
>>
>>
>> On 26/03/2025 11:33, David Picard wrote:
>>> The problem is that the file is an asset, part of a GitLab release. So you 
>>> need to provide a deploy key to download it. Hence curl:
>>>
>>> curl --header 'DEPLOY-TOKEN: XXXX' <URL> --output <OUTPUT_FILE>
>>>
>>> Can I provide a deploy key in <pkg>_EXTRA_DOWNLOADS?
>>
>>  No, that's not possible for the moment... A workaround is to do the actual 
>> download in a pre-download hook, but still pass it in EXTRA_DOWNLOADS. Since 
>> the file already exists, no re-download is attempted (unless the hash is wrong).
>>
>>
>>  A better solution would be to extend the handling of URLs in the download 
>> infrastructure to make it possible to pass additional options to various 
>> download helpers. There are similarly things that would be good to be able to 
>> pass down to cargo/gomod post-processing.
>>
>>  It requires a bit of thinking though in order to do this well...
>>
>>
>>  Regards,
>>  Arnout
>>
>>
>>>
>>> David
>>>
>>> Le 26/03/2025 à 10:51, Thomas Petazzoni a écrit :
>>>> Hello David,
>>>>
>>>> On Wed, 26 Mar 2025 09:49:00 +0100
>>>> David Picard <david.picard at clermont.in2p3.fr> wrote:
>>>>
>>>>> In a home-made package, in addition to a Git repo, I need to download a
>>>>> binary file. I do it with curl in a pre or post download hook.
>>>>>
>>>>> I provided a .hash file for the package. Buildroot actually checks the
>>>>> Git tarball hash, but not the other file's. How can I force it ?
>>>> Use <pkg>_EXTRA_DOWNLOADS, instead of manually using curl in a pre or
>>>> post download hooks.
>>>>
>>>> Best regards,
>>>>
>>>> Thomas
>>>
>>
>

More information about the buildroot-users mailing list