diff options
author | Alexey Neyman <stilor@att.net> | 2017-10-01 03:37:22 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-01 03:37:22 (GMT) |
commit | f966dd855fd8984f333cf7da3c7c137794e1f34c (patch) | |
tree | bf0c6d296987c2e21b9ca77e1532c9fb8c5bdb96 /config | |
parent | f86adab1f41b2320c20ffe2e9ffe0c6d12954c33 (diff) | |
parent | ca45a8f9abd672189dbef5bcb242ac465df7b0f6 (diff) |
Merge pull request #837 from stilor/download-verify
Verification of the downloads
Diffstat (limited to 'config')
-rw-r--r-- | config/global/download.in | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/config/global/download.in b/config/global/download.in index fc79400..89b05ce 100644 --- a/config/global/download.in +++ b/config/global/download.in @@ -132,4 +132,49 @@ config MIRROR_BASE_URL endif # USE_MIRROR +config VERIFY_DOWNLOAD_DIGEST + bool "Verify download digests (checksums)" + default y + +if VERIFY_DOWNLOAD_DIGEST + +choice + prompt "Digest algorithm" + +config VERIFY_DOWNLOAD_DIGEST_SHA512 + bool "SHA-512" + +config VERIFY_DOWNLOAD_DIGEST_SHA256 + bool "SHA-256" + +config VERIFY_DOWNLOAD_DIGEST_SHA1 + bool "SHA-1" + +config VERIFY_DOWNLOAD_DIGEST_MD5 + bool "MD5" + +endchoice + +config VERIFY_DOWNLOAD_DIGEST_ALG + string + default "md5" if VERIFY_DOWNLOAD_DIGEST_MD5 + default "sha1" if VERIFY_DOWNLOAD_DIGEST_SHA1 + default "sha256" if VERIFY_DOWNLOAD_DIGEST_SHA256 + default "sha512" if VERIFY_DOWNLOAD_DIGEST_SHA512 + +endif # VERIFY_DOWNLOAD_DIGEST + +config VERIFY_DOWNLOAD_SIGNATURE + bool "Verify detached signatures" + help + Verify the signatures for the downloads where available. + This requires the public keys for all the packages used in the build + to be imported into a keyring on the build machine. + + Note that the validation will succeed so long as the signature + is known and valid, even if the signature is not trusted! GnuPG + issues a warning in this case, but ultimately reports that validation + succeeded. Check the log file if this is a concern; crosstool-NG + may add an option to verify this more paranoidally later. + endif # ! FORBID_DOWNLOAD |