OrgZephyr/zephyr
OrgZephyr
/
zephyr
mirror of https://github.com/zephyrproject-rtos/zephyr.git
1
0
Fork 0
Code Issues Releases Wiki Activity
zephyr/scripts/west_commands
History
Christophe Dufaza 2b2a0e04b2 west: blobs: verify fetched blobs after downloading 
Running 'west blobs fetch' does not verify the digest of downloaded files:
1. if the checksum of the previously downloaded file does match
   that in the blob metadata (status BLOB_PRESENT), do nothing
2. if the checksum of the previously downloaded file does not match
   that in the blob metadata (status BLOB_OUTDATED),
   download the "up to date" file
3. if the blob has not yet been downloaded (status BLOB_NOT_PRESENT),
   download it

None of the 2) and 3) code paths will verify that the checksum of the file
just downloaded actually matches the digest in the blob's metadata.

In the event that the metadata of a module is incorrect, then the user
will not notice anything, and may rely on an unexpected binary,
e.g. a static library for a different architecture.

According to the Binary Blobs documentation [1], the expected
behavior is to check the blob digest after downloading.

[1] Fetching blobs, Zephyr 3.6.0 (still applies to Zephyr 3.7.0rc3)
docs.zephyrproject.org/3.6.0/contribute/bin_blobs.html#fetching-blobs

Signed-off-by: Christophe Dufaza <chris@openmarl.org>
 		2024-07-30 18:29:39 +01:00
..
completion west: Update fish completion for `boards` 2024-07-30 18:25:28 +01:00
fetchers
runners scripts: west_commands: nrfjprog: Change tool-opt help text 2024-07-27 15:19:39 +03:00
tests
zspdx
README.txt
bindesc.py
blobs.py west: blobs: verify fetched blobs after downloading 2024-07-30 18:29:39 +01:00
boards.py west: add vendor to boards format 2024-07-30 18:25:28 +01:00
build.py west: update build extension command to use APP_DIR 2024-06-17 12:09:45 -04:00
build_helpers.py
completion.py
debug.py
export.py
flash.py
mypy.ini
robot.py
run_common.py west : runners : Fix error message when runners.yaml is not found. 2024-06-28 12:23:18 -04:00
run_tests.py
shields.py
sign.py
simulate.py
spdx.py
twister_cmd.py
zcmake.py
zephyr_ext_common.py

README.txt 

This directory contains implementations for west commands which are
tightly coupled to the zephyr tree. This includes the build, flash,
and debug commands.

Before adding more here, consider whether you might want to put new
extensions in upstream west. For example, any commands which operate
on the multi-repo need to be in upstream west, not here. Try to limit
what goes in here to Zephyr-specific features.

When extending this code, please keep the unit tests (in tests/) up to
date. The mypy static type checker is also run on the runners package.

To run these tests locally on Windows, run:

   py -3 run_tests.py

On macOS and Linux:

   ./run_tests.py

Note that these tests are run as part of Zephyr's CI when submitting
an upstream pull request, and pull requests which break the tests
cannot be merged.

Thanks!