Martin Roth (martinroth@google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/13955
-gerrit
commit 2ac2d130379c0cc58b1e7d553d826b230451e52d Author: Martin Roth martinroth@google.com Date: Tue Mar 8 09:37:14 2016 -0700
crossgcc/buildgcc: Add comment about URLs and jenkins builder
Add a comment to try to lower possible confusion later if the jenkins tool builder fails to build a new tool. The URLs for the packages that are downloaded are checked against known locations so that someone can't maliciously download a package from somewhere and run it on the build server. This provides a little bit of security, but could confuse someone if they don't realize it.
Change-Id: I7858e3d86fc705b480f6792b6adf3d5349580e01 Signed-off-by: Martin Roth martinroth@google.com --- util/crossgcc/buildgcc | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/util/crossgcc/buildgcc b/util/crossgcc/buildgcc index df9ac4a..eef71e5 100755 --- a/util/crossgcc/buildgcc +++ b/util/crossgcc/buildgcc @@ -47,6 +47,9 @@ CLANG_VERSION=3.7.1 MAKE_VERSION=4.1
# GCC toolchain archive locations +# These are sanitized by the jenkins toolchain test builder, so if +# a completely new URL is added here, it probably needs to be added +# to the jenkins build as well, or the builder won't download it. GMP_ARCHIVE="http://ftpmirror.gnu.org/gmp/gmp-$%7BGMP_VERSION%7D.tar.bz2" MPFR_ARCHIVE="http://ftpmirror.gnu.org/mpfr/mpfr-$%7BMPFR_VERSION%7D.tar.bz2" MPC_ARCHIVE="http://ftpmirror.gnu.org/mpc/mpc-$%7BMPC_VERSION%7D.tar.gz"