[coreboot-gerrit] Patch set updated for coreboot: util/crossgcc: Toolchain verified sources

1 Dec 2016

Philipp Deppenwiese (zaolin.daisuki@googlemail.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/15170
-gerrit
commit cff9e5a3693cf8eb935ac885242d3f8daf98e162
Author: Philipp Deppenwiese zaolin@das-labor.org
Date:   Mon Jun 13 17:01:07 2016 -0700
util/crossgcc: Toolchain verified sources
Currently there is no toolchain verification in coreboot.
    This patchset extends the existing buildgcc script in the following way:
Before download or unpack operations the checksum of all used packages
    are checked against the trustworthy checksums in util/crossgcc/sum.
With the option -g checksum can be automatically generated for
    updated packages as long they support gpg. Only the maintainers
    can commit checksum changes to the coreboot repository.
    Some libraries don't offer this possiblity and on update
    maintainers need to check the sources by themself adding checksums
    manually!
The checksum algorithm changed from sha1 to sha384. If you ask yourself
    why we don't use sha256 or sha512 for the checksum verification. You
    should take a look at following wiki article.
    https://en.wikipedia.org/wiki/Length_extension_attack
Also the url changed from http to https for security reasons
    where it was possible to do that.
Change-Id: Id45097fc7e8435fadce4bda75769592af2730b0c
    Signed-off-by: Philipp Deppenwiese zaolin@das-labor.org
---
 util/crossgcc/buildgcc                             | 222 +++++++++++++++++----
 util/crossgcc/gpg.keyring                          | Bin 0 -> 222182 bytes
 util/crossgcc/sum/Python-3.5.1.tar.xz.cksum        |   2 +-
 .../sum/acpica-unix2-20160831.tar.gz.cksum         |   2 +-
 util/crossgcc/sum/binutils-2.26.1.tar.bz2.cksum    |   2 +-
 util/crossgcc/sum/cfe-3.8.0.src.tar.xz.cksum       |   2 +-
 .../sum/clang-tools-extra-3.8.0.src.tar.xz.cksum   |   2 +-
 .../sum/compiler-rt-3.8.0.src.tar.xz.cksum         |   2 +-
 util/crossgcc/sum/expat-2.1.1.tar.bz2.cksum        |   2 +-
 util/crossgcc/sum/gcc-5.3.0.tar.bz2.cksum          |   2 +-
 util/crossgcc/sum/gdb-7.11.tar.xz.cksum            |   2 +-
 util/crossgcc/sum/gmp-6.1.0.tar.xz.cksum           |   2 +-
 util/crossgcc/sum/libelf-0.8.13.tar.gz.cksum       |   2 +-
 util/crossgcc/sum/llvm-3.8.0.src.tar.xz.cksum      |   2 +-
 util/crossgcc/sum/make-4.2.1.tar.bz2.cksum         |   2 +-
 util/crossgcc/sum/mpc-1.0.3.tar.gz.cksum           |   2 +-
 util/crossgcc/sum/mpfr-3.1.4.tar.xz.cksum          |   2 +-
 util/lint/lint-stable-003-whitespace               |   2 +-
 18 files changed, 197 insertions(+), 57 deletions(-)

diff --git a/util/crossgcc/buildgcc b/util/crossgcc/buildgcc
index d64b687..b8fb212 100755
--- a/util/crossgcc/buildgcc
+++ b/util/crossgcc/buildgcc
@@ -5,6 +5,7 @@
 #            Stefan Reinauer stefan.reinauer@coresystems.de
 #
 # Copyright (C) 2011 by Sage Electronic Engineering
+# Copyright (C) 2016 by Philipp Deppenwiese
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,9 +19,9 @@
cd $(dirname $0)
-CROSSGCC_DATE="August 31st, 2016"
-CROSSGCC_VERSION="1.43"
-CROSSGCC_COMMIT=$( git describe )
+CROSSGCC_DATE="November 07th, 2016"
+CROSSGCC_VERSION="1.44"
+CROSSGCC_COMMIT=$(git describe)
# default settings
 PACKAGE=GCC
@@ -32,6 +33,7 @@ DESTDIR=
 SAVETEMPS=0
 SKIPPYTHON=1
 BOOTSTRAP=0
+GENERATE_CHECKSUMS=0
 THREADS=1
# GCC toolchain version numbers
@@ -50,6 +52,8 @@ EXPAT_VERSION=2.1.1
 CLANG_VERSION=3.8.0
 MAKE_VERSION=4.2.1
+GPG_KEYRING=$(pwd)/gpg.keyring
+
 # GCC toolchain archive locations
 # These are sanitized by the jenkins toolchain test builder, so if
 # a completely new URL is added here, it probably needs to be added
@@ -100,6 +104,8 @@ red='\033[0;31m'
 RED='\033[1;31m'
 green='\033[0;32m'
 GREEN='\033[1;32m'
+yellow='\033[0;33m'
+YELLOW='\033[1;33m'
 blue='\033[0;34m'
 BLUE='\033[1;34m'
 cyan='\033[0;36m'
@@ -261,49 +267,163 @@ check_cc() {
    fi
 }
-check_sum() {
-	test -z "$CHECKSUM" || \
-	test "$(cat sum/$1.cksum 2>/dev/null | sed -e 's@.*([0-9a-f]{40,}).*@\1@')" = \
-	"$($CHECKSUM tarballs/$1 2>/dev/null | sed -e 's@.*([0-9a-f]{40,}).*@\1@')"
+verify_signature() {
+	SIGNATURE_FILE="$1"
+	SOURCE_FILE="$2"
+
+	if [ -z "${GPG}" ] ; then
+		printf "\n * ${RED}GPG tool not found. Please install gnupg on your os.${NC}\n"
+		return 1
+	fi
+
+	if [ ! -f "${GPG_KEYRING}" ]; then
+		printf "\n * ${RED}The gpg keyring can't be found.${NC}\n"
+		return 1
+	fi
+
+	if [ ! -f "tarballs/${SIGNATURE_FILE}" ]; then
+		printf "\n * ${RED}No signature file found for package: ${SOURCE_FILE} !! PLEASE CHECK MANUALLY WHAT YOU DOWNLOADED, ABORTING CHECKSUM CREATION.${NC}\n"
+		return 1
+	fi
+
+	if [ ! -f "tarballs/${SOURCE_FILE}" ]; then
+		printf "\n * ${RED}Source file couldn't be downloaded.${NC}\n"
+		return 1
+	fi
+
+	GPG_OUTPUT=$(${GPG} --no-default-keyring --keyring ${GPG_KEYRING} --status-fd 1 --verify "tarballs/${SIGNATURE_FILE}" "tarballs/${SOURCE_FILE}" 2>&1)
+	if [ "${?}" = "0" ] ; then
+		printf "\n * ${GREEN}Signature is good and verified!${NC}"
+		return 0
+	fi
+
+	printf "\n * ${RED}Failed to verify signature of package.${NC}\n"
+	printf "\n * ${RED}Error: ${GPG_OUTPUT} ${NC}\n"
+	return 1
+}
+
+calculate_checksum() {
+	SOURCE_FILE=$1
+
+	test ! -f sum/"${SOURCE_FILE}".cksum && test -f tarballs/"${SOURCE_FILE}" && \
+	("${OPENSSL}" sha384 tarballs/"${SOURCE_FILE}" > sum/"${SOURCE_FILE}".cksum ) && \
+	printf "\n * Checksum created. ${CYAN}Note. Please upload sum/"${SOURCE_FILE}".cksum if the corresponding archive is upgraded.${NC}"
+}
+
+verify_checksum() {
+	STATIC_HASH=$(${AWK} '{ print $2 }' <sum/$1.cksum)
+	FILE_HASH=$(${OPENSSL} sha384 tarballs/$1 | ${AWK} '{ print $2 }')
+
+	if [ "${STATIC_HASH}" != "${FILE_HASH}" ]; then
+		printf "\n * ${RED}Failed to verify checksum of package ${1}.${NC}\n"
+		exit 1
+	fi
+
+	printf "\n * ${GREEN}Checksum 0x${FILE_HASH} verified.${NC}\n"
 }
-compute_sum() {
-	test ! -f sum/$1.cksum && test -f tarballs/$1 && \
-	(test -z "$CHECKSUM" || $CHECKSUM tarballs/$1 > sum/$1.cksum ) && \
-	printf "(checksum created. ${RED}Note. Please upload sum/$1.cksum if the corresponding archive is upgraded.)${NC}"
+validate_url() {
+	CHECK_URL=$(wget -S --spider $1 2>&1 | grep 'HTTP/1.1 200 OK')
+	if [ "${?}" = "0" ] ; then
+		return 1
+	else
+		return 0
+	fi
 }
download_showing_percentage() {
-	url=$1
-	printf " ..${red}  0%%"
-	wget --no-check-certificate $url 2>&1 | while read line; do
-		echo $line | grep -o "[0-9]+%" | awk '{printf("\b\b\b\b%4s", $1)}'
-	done
-	printf "${NC}"
+	NO_WARNING="$2"
+	URL=$1
+	printf " ..${YELLOW}  0%%${NC}"
+
+	if ! validate_url ${URL}; then
+		wget ${URL} 2>&1 | while read line; do
+			printf "${YELLOW}"
+			echo $line | grep -o "[0-9]+%" | awk '{printf("\b\b\b\b%4s", $1)}'
+			printf "${NC}"
+		done
+		if [ ${?} != "0" ]; then
+			printf "\n${YELLOW} * ${URL} is not valid.${NC}"
+			return 1
+		fi
+	elif [ "$NO_WARNING" = "0" ]; then
+		printf "\n${YELLOW} * ${URL} is not valid.${NC}"
+		return 1
+	fi
+
+	 return 0
 }
download() {
    package=$1
    archive="$(eval echo $$package"_ARCHIVE")"
-	FILE=$(basename $archive)
-	printf " * $FILE "
+	SOURCE_FILE=$(basename ${archive})
-	if test -f tarballs/$FILE && check_sum $FILE ; then
+	if test -f tarballs/${SOURCE_FILE} ; then
    	printf "(cached)"
    else
+		rm -f tarballs/${SOURCE_FILE}*
+		cd tarballs || exit 1
+
+		printf " * ${SOURCE_FILE} "
    	printf "(downloading from $archive)"
-		rm -f tarballs/$FILE
-		cd tarballs
-		download_showing_percentage $archive
+		download_showing_percentage ${archive} 0
+
    	cd ..
-		compute_sum $FILE
    fi
-	if [ ! -f tarballs/$FILE ]; then
-		printf "\n${RED}Failed to download $FILE.${NC}\n"
+	if [ ! -f tarballs/${SOURCE_FILE} ]; then
+		printf "\n${RED} * Failed to download ${SOURCE_FILE}.${NC}\n"
    	exit 1
    fi
+
+	printf "\n"
+}
+
+generate_checksums() {
+	package=$1
+	archive="$(eval echo $$package"_ARCHIVE")"
+	SOURCE_FILE=$(basename ${archive})
+	SIGNATURE_FILE="dummy"
+
+	rm -f tarballs/${SOURCE_FILE}*
+	rm -f sum/${SOURCE_FILE}.cksum*
+	cd tarballs || exit 1
+
+	printf " * ${SOURCE_FILE} "
+	printf "(downloading from ${archive})"
+	download_showing_percentage ${archive} 0
+
+	printf "\n * ${SOURCE_FILE} "
+	printf "(downloading signature file ${archive}.sig)"
+
+	download_showing_percentage "${archive}.sig" 0
+	if [ "${?}" = "0" ] ; then
+		SIGNATURE_FILE=$(basename ${archive}.sig)
+	fi
+
+	printf "\n * ${SOURCE_FILE} "
+	printf "(downloading signature file ${archive}.asc)"
+
+	download_showing_percentage "${archive}.asc" 0
+	if [ "${?}" = "0" ] ; then
+		SIGNATURE_FILE=$(basename ${archive}.asc)
+	fi
+
+	cd ..
+
+	verify_signature ${SIGNATURE_FILE} ${SOURCE_FILE}
+	if [ "${?}" = "0" ] ; then
+		calculate_checksum ${SOURCE_FILE}
+		verify_checksum ${SOURCE_FILE} ${archive}
+	fi
+
+	if [ ! -f tarballs/${SOURCE_FILE} ]; then
+		printf "\n${RED}Failed to download ${SOURCE_FILE}.${NC}\n"
+		exit 1
+	fi
+
    printf "\n"
 }
@@ -311,6 +431,10 @@ unpack_and_patch() {
    package=$1
    archive="$(eval echo $$package"_ARCHIVE")"
    dir="$(eval echo $$package"_DIR")"
+	FILE="$(basename $archive)"
+
+	verify_checksum ${FILE} ${archive}
+
    test -d ${dir} && test -f ${dir}/.unpack_success || (
    	printf " * $(basename $archive)\n"
    	FLAGS=zxf
@@ -434,7 +558,7 @@ cleanup()
myhelp()
 {
-	printf "Usage: $0 [-V] [-c] [-p <platform>] [-d <target directory>] [-D <dest dir>] [-C] [-G] [-S]\n"
+	printf "Usage: $0 [-V] [-c] [-p <platform>] [-d <target directory>] [-D <dest dir>] [-C] [-G] [-S] [-g]\n"
    printf "       $0 [-V|--version]\n"
    printf "       $0 [-h|--help]\n\n"
@@ -464,7 +588,9 @@ myhelp()
    printf "GDB specific options:\n"
    printf "    [-p|--platform <platform>]    target platform to build cross compiler for\n"
    printf "                                  (defaults to $TARGETARCH)\n"
-	printf "    [-S|--scripting]              build scripting support for GDB\n\n"
+	printf "    [-S|--scripting]              build scripting support for GDB\n"
+	printf "    [-g|--generate-checksums]     re-generates the checksum for all packages and\n"
+	printf "                                  verifies them with the help of gpg signatures\n\n"
    printf "Platforms for GCC & GDB:\n"
    printf "    x86_64 i386-elf i386-mingw32 mipsel-elf riscv-elf arm aarch64\n"
    printf "    powerpc64le-linux-gnu nds32le-elf\n\n"
@@ -481,6 +607,7 @@ myversion()
    cat << EOF
 Copyright (C) 2008-2010 by coresystems GmbH
 Copyright (C) 2011 by Sage Electronic Engineering
+Copyright (C) 2016 by Philipp Deppenwiese
This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -749,12 +876,12 @@ getopt - > /dev/null 2>/dev/null || gcc -o getopt getopt.c
 getoptbrand="$(getopt -V | sed -e '1!d' -e 's,^(......).*,\1,')"
 if [ "${getoptbrand}" = "getopt" ]; then
    # Detected GNU getopt that supports long options.
-	args=$(getopt -l version,help,clean,directory:,bootstrap,platform:,languages:,package:,jobs:,destdir:,savetemps,scripting,ccache,supported:,urls,nocolor -o Vhcd:bp:l:P:j:D:tSys:un -- "$@")
+	args=$(getopt -l version,help,clean,directory:,bootstrap,platform:,languages:,package:,jobs:,destdir:,savetemps,scripting,ccache,supported:,generate_checksums,urls,nocolor -o Vhcd:bp:l:P:j:D:tSys:gun -- "$@")
    getopt_ret=$?
    eval set -- "$args"
 else
    # Detected non-GNU getopt
-	args=$(getopt Vhcd:bp:l:P:j:D:tSys:un $*)
+	args=$(getopt Vhcd:bp:l:P:j:D:tSys:gun $*)
    getopt_ret=$?
    set -- $args
 fi
@@ -782,7 +909,8 @@ while true ; do
    	-s|--supported) shift; PRINTSTABLE="$1"; shift;;
    	-u|--urls)	shift; printf "%s\n" "$ALL_ARCHIVES"; exit 0;;
    	-n|--nocolor)	shift; \
-			unset red RED green GREEN blue BLUE cyan CYAN NC;;
+			unset red RED green GREEN blue BLUE cyan CYAN yellow YELLOW NC;;
+		-g|--generate-checksums) shift; GENERATE_CHECKSUMS=1;;
    	--)		shift; break;;
    	*)		break;;
    esac
@@ -848,6 +976,10 @@ case "$PACKAGE" in
    	NAME="GNU Make"
    	PACKAGES=MAKE
    	;;
+	ALL|all)
+		NAME="All packages"
+		PACKAGES="GMP MPFR MPC LIBELF BINUTILS GCC EXPAT PYTHON GDB LLVM CFE CRT CTE IASL MAKE"
+		;;
    *)
    	printf "${red}ERROR: Unsupported package $PACKAGE. (Supported packages are GCC, GDB, CLANG, IASL, MAKE)${NC}\n\n";
    	exit 1
@@ -856,15 +988,14 @@ esac
# Find all the required tools:
-TAR=$(searchtool tar) || exit $?
-PATCH=$(searchtool patch) || exit $?
-MAKE=$(searchtool make) || exit $?
-SHA1SUM=$(searchtool sha1sum)
-#SHA512SUM=$(searchtool sha512sum)
-#MD5SUM=$(searchtool md5sum)
-CHECKSUM=$SHA1SUM
-LBZIP2=$(searchtool lbzip2 "" nofail)
-PIGZ=$(searchtool pigz "" nofail)
+TAR=$(searchtool tar "tar")
+PATCH=$(searchtool patch "patch")
+MAKE=$(searchtool make "Make")
+LBZIP2=$(searchtool lbzip2 "bzip2" nofail)
+PIGZ=$(searchtool pigz "pigz" nofail)
+GPG=$(searchtool gpg "gpg" nofail)
+OPENSSL=$(searchtool openssl "openssl")
+AWK=$(searchtool awk "Awk")
searchtool m4 > /dev/null
 searchtool bison > /dev/null
@@ -946,6 +1077,15 @@ if [ "$USECCACHE" = 1 ]; then
    CC="ccache $CC"
 fi
+if [ "$GENERATE_CHECKSUMS" = 1 ]; then
+	mkdir -p tarballs
+	for P in $PACKAGES; do
+		generate_checksums $P
+	done
+
+	exit 0
+fi
+
 # Prepare target directory for building GCC
 # (dependencies must be in the PATH)
 mkdir -p $DESTDIR$TARGETDIR/bin
@@ -977,7 +1117,7 @@ printf "Packages built ... ${green}ok${NC}\n"
 # for reproducibility
 PROGNAME=$(basename "$0")
 rm -f "$DESTDIR$TARGETDIR/share/$PROGNAME-*"
-cp "$PROGNAME" "$DESTDIR$TARGETDIR/share/$PROGNAME-$CROSSGCC_VERSION-$CROSGCC_COMMIT"
+cp "$PROGNAME" "$DESTDIR$TARGETDIR/share/$PROGNAME-$CROSSGCC_VERSION-$CROSSGCC_COMMIT"
cleanup
diff --git a/util/crossgcc/gpg.keyring b/util/crossgcc/gpg.keyring
new file mode 100644
index 0000000..8cbce7e
Binary files /dev/null and b/util/crossgcc/gpg.keyring differ
diff --git a/util/crossgcc/sum/Python-3.5.1.tar.xz.cksum b/util/crossgcc/sum/Python-3.5.1.tar.xz.cksum
index 58affb0..46f43a3 100644
--- a/util/crossgcc/sum/Python-3.5.1.tar.xz.cksum
+++ b/util/crossgcc/sum/Python-3.5.1.tar.xz.cksum
@@ -1 +1 @@
-0186da436db76776196612b98bb9c2f76acfe90e  tarballs/Python-3.5.1.tar.xz
+SHA384(tarballs/Python-3.5.1.tar.xz)= 9aca49d2cde4760035f4fff23e8a446f6451e8effb6e6fab3f259645a631593acb2ce3412aadf810f103f3f6b561abe7
diff --git a/util/crossgcc/sum/acpica-unix2-20160831.tar.gz.cksum b/util/crossgcc/sum/acpica-unix2-20160831.tar.gz.cksum
index d7e538b..6b39768 100644
--- a/util/crossgcc/sum/acpica-unix2-20160831.tar.gz.cksum
+++ b/util/crossgcc/sum/acpica-unix2-20160831.tar.gz.cksum
@@ -1 +1 @@
-7e7449f15a195fefd72b65b1671df18e4dccf665  tarballs/acpica-unix2-20160831.tar.gz
+SHA384(tarballs/acpica-unix2-20160831.tar.gz)= 171f914bbfc71a69011494cd3484bc87e5ce6b28558699585c8719c250094140357793ead18d2432573a61a1ea5afc6c
diff --git a/util/crossgcc/sum/binutils-2.26.1.tar.bz2.cksum b/util/crossgcc/sum/binutils-2.26.1.tar.bz2.cksum
index 4bd0bce..b3a7126 100644
--- a/util/crossgcc/sum/binutils-2.26.1.tar.bz2.cksum
+++ b/util/crossgcc/sum/binutils-2.26.1.tar.bz2.cksum
@@ -1 +1 @@
-624cd377e3a8eef3db83a56ce289a60f556b3ec2  tarballs/binutils-2.26.1.tar.bz2
+SHA384(tarballs/binutils-2.26.1.tar.bz2)= 30cc8be8c230d69b966b80268223b823b3d301c83472317a4b6ff3aa9dd528a31cb1af33640097854e0e34743b1339b7
diff --git a/util/crossgcc/sum/cfe-3.8.0.src.tar.xz.cksum b/util/crossgcc/sum/cfe-3.8.0.src.tar.xz.cksum
index 7ba8c8c..48ccfbf 100644
--- a/util/crossgcc/sum/cfe-3.8.0.src.tar.xz.cksum
+++ b/util/crossgcc/sum/cfe-3.8.0.src.tar.xz.cksum
@@ -1 +1 @@
-2230ef962f2df3c13ec93f5b04b0e3cdff94b2ce  tarballs/cfe-3.8.0.src.tar.xz
+SHA384(tarballs/cfe-3.8.0.src.tar.xz)= 3edbe3cafc58ad6fc3d3a133156a656ea7756e8a36176b29bba63434d6f073cef63241cc6df8337fcab3832dd5b5c485
diff --git a/util/crossgcc/sum/clang-tools-extra-3.8.0.src.tar.xz.cksum b/util/crossgcc/sum/clang-tools-extra-3.8.0.src.tar.xz.cksum
index e9d8d72..2c4154c 100644
--- a/util/crossgcc/sum/clang-tools-extra-3.8.0.src.tar.xz.cksum
+++ b/util/crossgcc/sum/clang-tools-extra-3.8.0.src.tar.xz.cksum
@@ -1 +1 @@
-a99d8b6fc5e593c4671424b327779318a1856acf  tarballs/clang-tools-extra-3.8.0.src.tar.xz
+SHA384(tarballs/clang-tools-extra-3.8.0.src.tar.xz)= abd447239f09295f8592225bb7e07ba57cedc3d19a4972b45cd7d70a2db82106d1874a5be03656f8209a0e8a1308fb31
diff --git a/util/crossgcc/sum/compiler-rt-3.8.0.src.tar.xz.cksum b/util/crossgcc/sum/compiler-rt-3.8.0.src.tar.xz.cksum
index 081705d..8637b48 100644
--- a/util/crossgcc/sum/compiler-rt-3.8.0.src.tar.xz.cksum
+++ b/util/crossgcc/sum/compiler-rt-3.8.0.src.tar.xz.cksum
@@ -1 +1 @@
-480ea09e369dac6de1f3759b27fa19417b26b69e  tarballs/compiler-rt-3.8.0.src.tar.xz
+SHA384(tarballs/compiler-rt-3.8.0.src.tar.xz)= 4560d512f3c3a0dbcc5c29ab7754b07d91ffa1ddc1c06a5215f3d325bc3f138ebf483e2a37abb10fc36cd125e6bf559e
diff --git a/util/crossgcc/sum/expat-2.1.1.tar.bz2.cksum b/util/crossgcc/sum/expat-2.1.1.tar.bz2.cksum
index 882e501..e3a94fa 100644
--- a/util/crossgcc/sum/expat-2.1.1.tar.bz2.cksum
+++ b/util/crossgcc/sum/expat-2.1.1.tar.bz2.cksum
@@ -1 +1 @@
-ff91419882ac52151050dad0ee8190645fbeee08  tarballs/expat-2.1.1.tar.bz2
+SHA384(tarballs/expat-2.1.1.tar.bz2)= 816e8ca9ac57b6aac76e9979d11714313246492a49c228bb0a16d349174be45cd780d760524eb45acf12ff371e8b96a3
diff --git a/util/crossgcc/sum/gcc-5.3.0.tar.bz2.cksum b/util/crossgcc/sum/gcc-5.3.0.tar.bz2.cksum
index bb05e39..073390b 100644
--- a/util/crossgcc/sum/gcc-5.3.0.tar.bz2.cksum
+++ b/util/crossgcc/sum/gcc-5.3.0.tar.bz2.cksum
@@ -1 +1 @@
-0612270b103941da08376df4d0ef4e5662a2e9eb  tarballs/gcc-5.3.0.tar.bz2
+SHA384(tarballs/gcc-5.3.0.tar.bz2)= 4184972f66dc929686c30936cf8f5085829d8584118ebc3e2ec53a40754afbefc351cfd2c211c09dd3b6eb4ab4759820
diff --git a/util/crossgcc/sum/gdb-7.11.tar.xz.cksum b/util/crossgcc/sum/gdb-7.11.tar.xz.cksum
index ffe5a1c..f3082e7 100644
--- a/util/crossgcc/sum/gdb-7.11.tar.xz.cksum
+++ b/util/crossgcc/sum/gdb-7.11.tar.xz.cksum
@@ -1 +1 @@
-466208d771d97d3dfcf965d5c835a669cff8d847  tarballs/gdb-7.11.tar.xz
+SHA384(tarballs/gdb-7.11.tar.xz)= 82f89ef35ea1916d5faa67b7fefa2ac3627894d245c43fb4e20828274566cbbb5d7f83899baad77a3cf7fe9fec6f8c7b
diff --git a/util/crossgcc/sum/gmp-6.1.0.tar.xz.cksum b/util/crossgcc/sum/gmp-6.1.0.tar.xz.cksum
index 348b80f..e0ebab2 100644
--- a/util/crossgcc/sum/gmp-6.1.0.tar.xz.cksum
+++ b/util/crossgcc/sum/gmp-6.1.0.tar.xz.cksum
@@ -1 +1 @@
-99d691607613e749aa5d7c0c2a89aeab38fec070  tarballs/gmp-6.1.0.tar.xz
+SHA384(tarballs/gmp-6.1.0.tar.xz)= ec69b394cbcf887ab0717473b04bb70ce30102abf24869eca5acb781de405d3a5670fabb776ba68cfe6e117631522d9f
diff --git a/util/crossgcc/sum/libelf-0.8.13.tar.gz.cksum b/util/crossgcc/sum/libelf-0.8.13.tar.gz.cksum
index daa27c6..46f991d 100644
--- a/util/crossgcc/sum/libelf-0.8.13.tar.gz.cksum
+++ b/util/crossgcc/sum/libelf-0.8.13.tar.gz.cksum
@@ -1 +1 @@
-c1d6ac5f182d19dd685c4dfd74eedbfe3992425d  tarballs/libelf-0.8.13.tar.gz
+SHA384(tarballs/libelf-0.8.13.tar.gz)= 07fc0b1a40ba3d2b003899df199d1043bb5d44cf7d913e6460c985582e5275b634edb6af6779255d770010fd7d09580e
diff --git a/util/crossgcc/sum/llvm-3.8.0.src.tar.xz.cksum b/util/crossgcc/sum/llvm-3.8.0.src.tar.xz.cksum
index 2f0af53..e407716 100644
--- a/util/crossgcc/sum/llvm-3.8.0.src.tar.xz.cksum
+++ b/util/crossgcc/sum/llvm-3.8.0.src.tar.xz.cksum
@@ -1 +1 @@
-723ac918979255706434a05f5af34b71c49c9971  tarballs/llvm-3.8.0.src.tar.xz
+SHA384(tarballs/llvm-3.8.0.src.tar.xz)= 5d5a012e4d494a4534fcec7643ad28bab7467b96029b6d497e1d523357ae7c9e8bd86400dc90e261d791d6391a369b30
diff --git a/util/crossgcc/sum/make-4.2.1.tar.bz2.cksum b/util/crossgcc/sum/make-4.2.1.tar.bz2.cksum
index 34af72c..5c8a69c9 100644
--- a/util/crossgcc/sum/make-4.2.1.tar.bz2.cksum
+++ b/util/crossgcc/sum/make-4.2.1.tar.bz2.cksum
@@ -1 +1 @@
-7d9d11eb36cfb752da1fb11bb3e521d2a3cc8830  tarballs/make-4.2.1.tar.bz2
+SHA384(tarballs/make-4.2.1.tar.bz2)= 07fed67f907c8139cd27d606069ce20f219ccf1d047d2ebb2a2b3242d4332957a64b7ff8c3b5db4b28dcbbfdb2ad1e01
diff --git a/util/crossgcc/sum/mpc-1.0.3.tar.gz.cksum b/util/crossgcc/sum/mpc-1.0.3.tar.gz.cksum
index c7ca1ac..50c2c67 100644
--- a/util/crossgcc/sum/mpc-1.0.3.tar.gz.cksum
+++ b/util/crossgcc/sum/mpc-1.0.3.tar.gz.cksum
@@ -1 +1 @@
-b8be66396c726fdc36ebb0f692ed8a8cca3bcc66  tarballs/mpc-1.0.3.tar.gz
+SHA384(tarballs/mpc-1.0.3.tar.gz)= dceeb2566d6145fa771641d22de3bef866fa601fe1fa964bc680a275919080bd12bc1abab4f68cecdbaef71d295b7397
diff --git a/util/crossgcc/sum/mpfr-3.1.4.tar.xz.cksum b/util/crossgcc/sum/mpfr-3.1.4.tar.xz.cksum
index 90f90eb..88cd06c 100644
--- a/util/crossgcc/sum/mpfr-3.1.4.tar.xz.cksum
+++ b/util/crossgcc/sum/mpfr-3.1.4.tar.xz.cksum
@@ -1 +1 @@
-cedc0055d55b6ee4cd17e1e6119ed412520ff81a  tarballs/mpfr-3.1.4.tar.xz
+SHA384(tarballs/mpfr-3.1.4.tar.xz)= 30a2807378f578544538810b24bb65d44268015e5d2390d8ae6383fe3939b3bba1e85279789400a226b365010de4bbcd
diff --git a/util/lint/lint-stable-003-whitespace b/util/lint/lint-stable-003-whitespace
index 3dbd473..144cda1 100755
--- a/util/lint/lint-stable-003-whitespace
+++ b/util/lint/lint-stable-003-whitespace
@@ -15,5 +15,5 @@
 # DESCR: Check for superfluous whitespace in the tree
LC_ALL=C export LC_ALL
-grep -l "[[:space:]][[:space:]]*$" `git ls-files src util |egrep -v "(^3rdparty|^src/vendorcode/|^util/kconfig/|^util/nvidia/cbootimage$|<COPYING>|<LICENSE>|<README>|_shipped$|.patch$|.bin$|.hex$|.jpg$)"` | \
+grep -l "[[:space:]][[:space:]]*$" `git ls-files src util |egrep -v "(^3rdparty|^src/vendorcode/|^util/kconfig/|^util/nvidia/cbootimage$|<COPYING>|<LICENSE>|<README>|_shipped$|.keyring$|.patch$|.bin$|.hex$|.jpg$)"` | \
    sed -e "s,^.*$,File & has lines ending with whitespace.,"

    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[coreboot-gerrit] Patch set updated for coreboot: util/crossgcc: Toolchain verified sources