The sums for binutils and gcc are based on an HTTPS download (instead
of the default HTTP).
newlib doesn't seem to be available with any kind of signature, so I
compared a tarball and CVS checkout; let's hope they weren't both
compromised.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
BASEDIR=$(shell pwd)
+define checksum
+@if grep -q ' $(subst .,\.,$(1))$$' SHA256SUMS; then \
+ grep ' $(subst .,\.,$(1))$$' SHA256SUMS | sha256sum -c; \
+else \
+ echo "WARNING: no checksum defined for $(1)"; \
+fi
+endef
+
all: gcc
src/$(BINUTILS_TAR):
wget -P src $(BINUTILS_URL)
+ $(call checksum,$@)
src/$(NEWLIB_TAR):
wget -P src $(NEWLIB_URL)
+ $(call checksum,$@)
src/$(GCC_TAR):
wget -P src $(GCC_URL)
+ $(call checksum,$@)
src/binutils-$(BINUTILS_VER): src/$(BINUTILS_TAR)
tar -C src -xf $<
--- /dev/null
+6c7af8ed1c8cf9b4b9d6e6fe09a3e1d3d479fe63984ba8b9b26bf356b6313ca9 src/binutils-2.22.tar.bz2
+16093f6fa01732adf378d97fe338f113c933bdf56da22bf87c76beff13da406f src/gcc-4.7.1.tar.bz2
+c644b2847244278c57bec2ddda69d8fab5a7c767f3b9af69aa7aa3da823ff692 src/newlib-1.20.0.tar.gz
+2ab2e5b03e086d12c6295f831adad46b3e1410a3a234933a2e8fac66cb2e7a19 src/binutils-2.23.1.tar.bz2
+8a9283d7010fb9fe5ece3ca507e0af5c19412626384f8a5e9434251ae100b084 src/gcc-4.7.2.tar.bz2
+49c29e9129325e7c3b221aa829743ddcd796d024440e47c80fc0d6769af72d8a src/newlib-2.0.0.tar.gz
+
projects / carl9170fw.git / commitdiff