[Buildroot] [PATCH 1/1] Allow users to specifiy a hash file to verify custom linux kernels and custom kernel headers
Ian Merin
Ian.Merin at entrust.com
Fri Jun 11 17:20:52 UTC 2021
>From 9873437ad7b4f4e95f970e843a7ed908603c25d7 Mon Sep 17 00:00:00 2001
From: Ian Merin <Ian.Merin at nCipher.com>
Date: Fri, 11 Jun 2021 13:02:18 -0400
Subject: [PATCH 1/1] Allow users to specifiy a hash file to verify custom
linux kernels and custom kernel headers
linux/Config.in: add linux_kernel_custom_hash options
linux/linux.mk: add ability to override hash file
package/linux-headers/Config.in.host: add kernel_headers_custom_hash options
package/linux-headers/linux-headers.mk: add ability to override hash file
package/pkg-generic.mk: don't use default hash file if it is already set
Signed-off-by: Ian Merin <Ian.Merin at nCipher.com>
Signed-off-by: Ian Merin <Ian.Merin at entrust.com>
---
linux/Config.in | 12 ++++++++++++
linux/linux.mk | 4 ++++
package/linux-headers/Config.in.host | 12 ++++++++++++
package/linux-headers/linux-headers.mk | 18 ++++++++++++++++++
package/pkg-generic.mk | 17 +++++++++++------
5 files changed, 57 insertions(+), 6 deletions(-)
diff --git a/linux/Config.in b/linux/Config.in
index c893c8dc82..8955c1994b 100644
--- a/linux/Config.in
+++ b/linux/Config.in
@@ -123,6 +123,18 @@ config BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION
endif
+config BR2_LINUX_KERNEL_CUSTOM_HASH
+ bool "Enable checking of custom hash file for linux kernel"
+ default n
+ depends on !BR2_LINUX_KERNEL_LATEST_VERSION && \
+ !BR2_LINUX_KERNEL_LATEST_CIP_VERSION && !BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
+ help
+ This option allows to specify a file containing hashes for your kernel version if using a non default kernel version
+
+config BR2_LINUX_KERNEL_CUSTOM_HASH_FILE
+ string "path of custom linux.hash file"
+ depends on BR2_LINUX_KERNEL_CUSTOM_HASH
+
config BR2_LINUX_KERNEL_VERSION
string
default "5.12.4" if BR2_LINUX_KERNEL_LATEST_VERSION
diff --git a/linux/linux.mk b/linux/linux.mk
index 1457228eb9..203d46a93b 100644
--- a/linux/linux.mk
+++ b/linux/linux.mk
@@ -54,8 +54,12 @@ endif
endif
ifeq ($(BR2_LINUX_KERNEL)$(BR2_LINUX_KERNEL_LATEST_VERSION),y)
+ifeq ($(BR2_LINUX_KERNEL_CUSTOM_HASH),y)
+LINUX_HASH_FILE = $(call qstrip,$(BR2_LINUX_KERNEL_CUSTOM_HASH_FILE))
+else
BR_NO_CHECK_HASH_FOR += $(LINUX_SOURCE)
endif
+endif
LINUX_PATCHES = $(call qstrip,$(BR2_LINUX_KERNEL_PATCH))
diff --git a/package/linux-headers/Config.in.host b/package/linux-headers/Config.in.host
index b68567deeb..991bdc957a 100644
--- a/package/linux-headers/Config.in.host
+++ b/package/linux-headers/Config.in.host
@@ -97,6 +97,18 @@ config BR2_KERNEL_HEADERS_CUSTOM_GIT
endchoice
+config BR2_KERNEL_HEADERS_CUSTOM_HASH
+ bool "Custom hash"
+ default n
+ depends on BR2_KERNEL_HEADERS_AS_KERNEL || BR2_KERNEL_HEADERS_VERSION || \
+ BR2_KERNEL_HEADERS_CUSTOM_TARBALL || BR2_KERNEL_HEADERS_CUSTOM_GIT
+ help
+ This option allows to specify a file containing hashes for your kernel version
+
+config BR2_KERNEL_HEADERS_CUSTOM_HASH_FILE
+ string "path of custom linux.hash file"
+ depends on BR2_KERNEL_HEADERS_CUSTOM_HASH
+
# Select this for the latest kernel headers version (for license hashes)
config BR2_KERNEL_HEADERS_LATEST
bool
diff --git a/package/linux-headers/linux-headers.mk b/package/linux-headers/linux-headers.mk
index a8d1c2ccaf..9d216922c3 100644
--- a/package/linux-headers/linux-headers.mk
+++ b/package/linux-headers/linux-headers.mk
@@ -10,6 +10,15 @@
# Set variables depending on whether we are using headers from a kernel
# build or a standalone header package.
ifeq ($(BR2_KERNEL_HEADERS_AS_KERNEL),y)
+LINUX_HEADERS_CUSTOM_HASH = $(BR2_LINUX_KERNEL_CUSTOM_HASH)
+LINUX_HEADERS_CUSTOM_HASH_FILE = $(call qstrip,$(BR2_LINUX_KERNEL_CUSTOM_HASH_FILE))
+# Are we using a custom kernel version?
+ifeq ($(BR2_LINUX_KERNEL)$(BR2_LINUX_KERNEL_LATEST_VERSION),y)
+# Use the custom hash file, if provided
+ifeq ($(BR2_LINUX_KERNEL_CUSTOM_HASH),y)
+LINUX_HEADERS_HASH_FILE = $(LINUX_HEADERS_CUSTOM_HASH_FILE)
+endif # BR2_LINUX_KERNEL_CUSTOM_HASH
+endif # BR2_LINUX_KERNEL, BR2_LINUX_KERNEL_LATEST_VERSION
LINUX_HEADERS_CUSTOM_TARBALL = $(call qstrip,$(BR2_LINUX_KERNEL_CUSTOM_TARBALL))
LINUX_HEADERS_CUSTOM_GIT = $(call qstrip,$(BR2_LINUX_KERNEL_CUSTOM_GIT))
LINUX_HEADERS_CUSTOM_HG = $(call qstrip,$(BR2_LINUX_KERNEL_CUSTOM_HG))
@@ -23,6 +32,8 @@ $(error LINUX_HEADERS_OVERRIDE_SRCDIR must not be set when BR2_KERNEL_HEADERS_AS
endif
LINUX_HEADERS_OVERRIDE_SRCDIR = $(LINUX_OVERRIDE_SRCDIR)
else # ! BR2_KERNEL_HEADERS_AS_KERNEL
+LINUX_HEADERS_CUSTOM_HASH = $(BR2_KERNEL_HEADERS_CUSTOM_HASH)
+LINUX_HEADERS_CUSTOM_HASH_FILE = $(call qstrip,$(BR2_KERNEL_HEADERS_CUSTOM_HASH_FILE))
LINUX_HEADERS_CUSTOM_TARBALL = $(call qstrip,$(BR2_KERNEL_HEADERS_CUSTOM_TARBALL))
LINUX_HEADERS_CUSTOM_GIT = $(call qstrip,$(BR2_KERNEL_HEADERS_CUSTOM_GIT))
LINUX_HEADERS_CUSTOM_HG =
@@ -91,10 +102,17 @@ endef
LINUX_HEADERS_POST_PATCH_HOOKS += LINUX_HEADERS_APPLY_LOCAL_PATCHES
endif # BR2_KERNEL_HEADERS_AS_KERNEL
+
+
# Skip hash checking for custom kernel headers.
ifeq ($(BR2_KERNEL_HEADERS_VERSION)$(BR2_KERNEL_HEADERS_CUSTOM_TARBALL)$(BR2_KERNEL_HEADERS_CUSTOM_GIT),y)
+# Unless the user has specified an external hash file
+ifeq ($(LINUX_HEADERS_CUSTOM_HASH),y)
+LINUX_HEADERS_HASH_FILE = LINUX_HEADERS_CUSTOM_HASH_FILE
+else
BR_NO_CHECK_HASH_FOR += $(LINUX_HEADERS_SOURCE)
endif
+endif
# linux-headers really is the same as the linux package
LINUX_HEADERS_DL_SUBDIR = linux
diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk
index 9fbc63d19e..5d5b479fcf 100644
--- a/package/pkg-generic.mk
+++ b/package/pkg-generic.mk
@@ -474,12 +474,17 @@ else
$(2)_DL_VERSION := $$(strip $$($(2)_VERSION))
endif
$(2)_VERSION := $$(call sanitize,$$($(2)_DL_VERSION))
-
-$(2)_HASH_FILE = \
- $$(strip \
- $$(if $$(wildcard $$($(2)_PKGDIR)/$$($(2)_VERSION)/$$($(2)_RAWNAME).hash),\
- $$($(2)_PKGDIR)/$$($(2)_VERSION)/$$($(2)_RAWNAME).hash,\
- $$($(2)_PKGDIR)/$$($(2)_RAWNAME).hash))
+ifndef $(2)_HASH_FILE
+ ifdef $(3)_HASH_FILE
+ $(2)_HASH_FILE = $$($(3)_HASH_FILE)
+ else
+ $(2)_HASH_FILE = \
+ $$(strip \
+ $$(if $$(wildcard $$($(2)_PKGDIR)/$$($(2)_VERSION)/$$($(2)_RAWNAME).hash),\
+ $$($(2)_PKGDIR)/$$($(2)_VERSION)/$$($(2)_RAWNAME).hash,\
+ $$($(2)_PKGDIR)/$$($(2)_RAWNAME).hash))
+ endif
+endif
ifdef $(3)_OVERRIDE_SRCDIR
$(2)_OVERRIDE_SRCDIR ?= $$($(3)_OVERRIDE_SRCDIR)
--
2.17.1
More information about the buildroot
mailing list