mirror of
https://github.com/zephyrproject-rtos/zephyr
synced 2025-08-18 01:55:22 +00:00
9739759fef
Running 'west blobs fetch' does not verify the digest of downloaded files:
1. if the checksum of the previously downloaded file does match
that in the blob metadata (status BLOB_PRESENT), do nothing
2. if the checksum of the previously downloaded file does not match
that in the blob metadata (status BLOB_OUTDATED),
download the "up to date" file
3. if the blob has not yet been downloaded (status BLOB_NOT_PRESENT),
download it
None of the 2) and 3) code paths will verify that the checksum of the file
just downloaded actually matches the digest in the blob's metadata.
In the event that the metadata of a module is incorrect, then the user
will not notice anything, and may rely on an unexpected binary,
e.g. a static library for a different architecture.
According to the Binary Blobs documentation [1], the expected
behavior is to check the blob digest after downloading.
[1] Fetching blobs, Zephyr 3.6.0 (still applies to Zephyr 3.7.0rc3)
docs.zephyrproject.org/3.6.0/contribute/bin_blobs.html#fetching-blobs
Signed-off-by: Christophe Dufaza <chris@openmarl.org>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| build | ||
| checkpatch | ||
| ci | ||
| coccinelle | ||
| coredump | ||
| dts | ||
| footprint | ||
| generate_usb_vif | ||
| gitlint | ||
| kconfig | ||
| logging/dictionary | ||
| native_simulator | ||
| net | ||
| pylib | ||
| pylint/checkers | ||
| release | ||
| schemas | ||
| support | ||
| tests | ||
| tracing | ||
| utils | ||
| west_commands | ||
| .gitignore | ||
| checkpatch.pl | ||
| checkstack.pl | ||
| coccicheck | ||
| dump_bugs_pickle.py | ||
| gen_gcov_files.py | ||
| get_maintainer.py | ||
| github_helpers.py | ||
| list_boards.py | ||
| list_hardware.py | ||
| list_shields.py | ||
| make_bugs_pickle.py | ||
| requirements-base.txt | ||
| requirements-build-test.txt | ||
| requirements-compliance.txt | ||
| requirements-extras.txt | ||
| requirements-run-test.txt | ||
| requirements.txt | ||
| series-push-hook.sh | ||
| set_assignees.py | ||
| snippets.py | ||
| spelling.txt | ||
| tags.sh | ||
| twister | ||
| valgrind.supp | ||
| west-commands.yml | ||
| zephyr_module.py | ||