[vlc-commits] [Git][videolan/vlc][master] 4 commits: contrib: rav1e: don't assume the downloaded vendor tarball is valid
Steve Lhomme (@robUx4)
gitlab at videolan.org
Mon Jul 29 10:09:10 UTC 2024
Steve Lhomme pushed to branch master at VideoLAN / VLC
Commits:
468ac4dd by Steve Lhomme at 2024-07-29T10:35:20+02:00
contrib: rav1e: don't assume the downloaded vendor tarball is valid
Right now it doesn't exist, but later it will be and it needs to be checked
properly.
Some targets are renamed because the checksum macro uses a prefix per target.
- - - - -
877e87b8 by Steve Lhomme at 2024-07-29T10:35:20+02:00
contrib: make the vendoring checksum system generic
Just like the regular tarball checksum.
The vendor tarball checksum is located in a <package>/vendor-SHA512SUMS
and the rule to use is called .sum-vendor-<package>.
- - - - -
d44a133c by Steve Lhomme at 2024-07-29T10:35:20+02:00
contrib: rav1e: merge the vendor tarball generator in download_vendor
- - - - -
4dd60587 by Steve Lhomme at 2024-07-29T10:35:20+02:00
contrib: rust: skip hash check for generated vendor tarball
We will never have the same tarball on all platforms using
different versions of tar, different order of files, different owner, etc.
Since we generated the tarball we don't have to verify
the checksum, we can assume it's OK, assuming cargo vendor is safe.
If we ever delete the tarball, the marker is deleted so we check
the download properly from the download if possible.
- - - - -
3 changed files:
- contrib/src/main-rust.mak
- contrib/src/rav1e/rules.mak
- + contrib/src/rav1e/vendor-SHA512SUMS
Changes:
=====================================
contrib/src/main-rust.mak
=====================================
@@ -95,12 +95,28 @@ CARGO_INSTALL = $(CARGO) install $(CARGO_INSTALL_ARGS)
CARGOC_INSTALL = $(CARGO) capi install $(CARGO_INSTALL_ARGS)
download_vendor = \
+ rm $@.skip-hash; \
$(call download,$(CONTRIB_VIDEOLAN)/$(2)/$(1)) || (\
- echo "" && \
- echo "WARNING: cargo vendor archive for $(1) not found" && \
- echo "" && \
+ rm $@; \
+ $(RM) -R vendor-$(2)-build; \
+ mkdir -p vendor-$(2)-build && \
+ tar xzfo $(TARBALLS)/$(3) -C vendor-$(2)-build --strip-components=1 && \
+ cd vendor-$(2)-build && \
+ $(CARGO_NATIVE) vendor --locked $(patsubst %.tar,%,$(basename $(notdir $(1)))) && \
+ tar -jcf $(1) $(patsubst %.tar,%,$(basename $(notdir $(1)))) && \
+ cd .. && \
+ install vendor-$(2)-build/$(1) "$(TARBALLS)" && \
+ $(RM) -R vendor-$(2)-build && \
+ touch $@.skip-hash && \
+ touch $@) || (\
rm $@);
+.sum-vendor-%: $(SRC)/%/vendor-SHA512SUMS
+ $(foreach f,$(filter %.tar.bz2,$^), if test ! -f $(f).skip-hash; then \
+ $(call checksum,$(SHA512SUM),vendor-SHA512,.sum-vendor-); \
+ fi)
+ touch $@
+
# Extract and move the vendor archive if the checksum is valid. Succeed even in
# case of error (download or checksum failed). In that case, the cargo-vendor
# archive won't be used (crates.io will be used directly).
=====================================
contrib/src/rav1e/rules.mak
=====================================
@@ -6,7 +6,7 @@ RAV1E_URL := https://crates.io/api/v1/crates/rav1e/$(RAV1E_VERSION)/download
ifdef BUILD_RUST
ifdef BUILD_ENCODERS
PKGS += rav1e
-PKGS_ALL += rav1e-vendor
+PKGS_ALL += vendor-rav1e
endif
endif
@@ -27,35 +27,21 @@ DEPS_rav1e = rustc-cross $(DEPS_rustc-cross)
else
DEPS_rav1e = rustc $(DEPS_rustc)
endif
-DEPS_rav1e-vendor = rustc $(DEPS_rustc)
-DEPS_rav1e += rav1e-vendor $(DEPS_rav1e-vendor) cargo-c $(DEPS_cargo-c)
+DEPS_vendor-rav1e = rustc $(DEPS_rustc)
+DEPS_rav1e += vendor-rav1e $(DEPS_vendor-rav1e) cargo-c $(DEPS_cargo-c)
-# rav1e-vendor
-
-rav1e-vendor-build:
- $(RM) -R $@
- mkdir -p $@
- tar xzfo $(TARBALLS)/rav1e-$(RAV1E_VERSION).tar.gz -C $@ --strip-components=1
- cd $@ && $(CARGO_NATIVE) vendor --locked rav1e-$(RAV1E_VERSION)-vendor
- cd $@ && tar -jcf rav1e-$(RAV1E_VERSION)-vendor.tar.bz2 rav1e-$(RAV1E_VERSION)-vendor
- install $@/rav1e-$(RAV1E_VERSION)-vendor.tar.bz2 "$(TARBALLS)"
- # cd $@ && sha512sum rav1e-$(RAV1E_VERSION)-vendor.tar.bz2 > SHA512SUMS
- # install $@/SHA512SUMS $(SRC)/rav1e-vendor/SHA512SUMS
- $(RM) -R $@
+# vendor-rav1e
$(TARBALLS)/rav1e-$(RAV1E_VERSION)-vendor.tar.bz2: .sum-rav1e .rustc
- -$(call download_vendor,rav1e-$(RAV1E_VERSION)-vendor.tar.bz2,rav1e)
- # if the vendor tarball doesn't exist yet, we build it
- if test ! -s "$@"; then $(RM) -R rav1e-vendor-build; $(MAKE) rav1e-vendor-build; fi
+ $(call download_vendor,rav1e-$(RAV1E_VERSION)-vendor.tar.bz2,rav1e,rav1e-$(RAV1E_VERSION).tar.gz)
-.sum-rav1e-vendor: rav1e-$(RAV1E_VERSION)-vendor.tar.bz2
- touch $@
+.sum-vendor-rav1e: rav1e-$(RAV1E_VERSION)-vendor.tar.bz2
-rav1e-vendor: rav1e-$(RAV1E_VERSION)-vendor.tar.bz2 .sum-rav1e-vendor
+rav1e-vendor: rav1e-$(RAV1E_VERSION)-vendor.tar.bz2 .sum-vendor-rav1e
$(UNPACK)
$(MOVE)
-.rav1e-vendor: rav1e-vendor
+.vendor-rav1e: rav1e-vendor
touch $@
# rav1e
=====================================
contrib/src/rav1e/vendor-SHA512SUMS
=====================================
@@ -0,0 +1 @@
+fa67587eee85c49b409f8eede4671c823b70b837e807308117e4cc5ed2b890d4ab1b4e3e4447427cad24cbe7d38018bb96b72b52cc9fa3fbb80a2c28380211ff rav1e-0.7.1-vendor.tar.bz2
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/29a9f8687c91733a5126b84f6568633c72600cd9...4dd60587a84ecc726d05d7b71a13e0f3f0e7b76b
--
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/29a9f8687c91733a5126b84f6568633c72600cd9...4dd60587a84ecc726d05d7b71a13e0f3f0e7b76b
You're receiving this email because of your account on code.videolan.org.
VideoLAN code repository instance
More information about the vlc-commits
mailing list