Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
This version has changed its build system to cmake and
can use zstd. We build zstd just before this package, but
depend on cmake from the host system.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Please refer to https://ccache.dev/news.html#2020-10-01 for a list of
all release notes since version 3.4.1, it is unfortunately way too long
to be added here. :-]
Since ccache is not part of the distribution itself, no rootfile updates
were necessary.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
gcc-7 not support -fcf-protection so filter it from CFLAGS.
also filter -mtune in first pass because it should optimized for the
actual host.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This will allow us to run multiple builds on the same
system at the same time (or at least have them on disk).
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The toolchain will be built without hardening which makes
the entire bootstrapping process way more complicated than
necessary and sometimes fail on some host distribution.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The first pass will compile ccache which is statically linked and
is used for the cross toolchain.
The second pass is dynamically linked and is used to the target
system.
