[vlc-commits] [Git][videolan/vlc][master] 4 commits: contrib: rav1e: don't assume the downloaded vendor tarball is valid

Steve Lhomme (@robUx4) gitlab at videolan.org
Mon Jul 29 10:09:10 UTC 2024



Steve Lhomme pushed to branch master at VideoLAN / VLC


Commits:
468ac4dd by Steve Lhomme at 2024-07-29T10:35:20+02:00
contrib: rav1e: don't assume the downloaded vendor tarball is valid

Right now it doesn't exist, but later it will, and then it needs to be checked
properly.

Some targets are renamed because the checksum macro uses a prefix per target.

- - - - -
877e87b8 by Steve Lhomme at 2024-07-29T10:35:20+02:00
contrib: make the vendoring checksum system generic

Just like the regular tarball checksum.

The vendor tarball checksum is located in a <package>/vendor-SHA512SUMS
and the rule to use is called .sum-vendor-<package>.

- - - - -
d44a133c by Steve Lhomme at 2024-07-29T10:35:20+02:00
contrib: rav1e: merge the vendor tarball generator in download_vendor

- - - - -
4dd60587 by Steve Lhomme at 2024-07-29T10:35:20+02:00
contrib: rust: skip hash check for generated vendor tarball

We will never have the same tarball on all platforms using
different versions of tar, different order of files, different owner, etc.

Since we generated the tarball we don't have to verify
the checksum, we can assume it's OK, assuming cargo vendor is safe.

If we ever delete the tarball, the marker is deleted too, so we properly check
the tarball from the download, if possible.

- - - - -


3 changed files:

- contrib/src/main-rust.mak
- contrib/src/rav1e/rules.mak
- + contrib/src/rav1e/vendor-SHA512SUMS


Changes:

=====================================
contrib/src/main-rust.mak
=====================================
@@ -95,12 +95,28 @@ CARGO_INSTALL = $(CARGO) install $(CARGO_INSTALL_ARGS)
 CARGOC_INSTALL = $(CARGO) capi install $(CARGO_INSTALL_ARGS)
 
 download_vendor = \
+	rm $@.skip-hash; \
 	$(call download,$(CONTRIB_VIDEOLAN)/$(2)/$(1)) || (\
-               echo "" && \
-               echo "WARNING: cargo vendor archive for $(1) not found" && \
-               echo "" && \
+               rm $@; \
+               $(RM) -R vendor-$(2)-build; \
+               mkdir -p vendor-$(2)-build && \
+               tar xzfo $(TARBALLS)/$(3) -C vendor-$(2)-build --strip-components=1 && \
+               cd vendor-$(2)-build && \
+               $(CARGO_NATIVE) vendor --locked $(patsubst %.tar,%,$(basename $(notdir $(1)))) && \
+               tar -jcf $(1) $(patsubst %.tar,%,$(basename $(notdir $(1)))) && \
+               cd .. && \
+               install vendor-$(2)-build/$(1) "$(TARBALLS)" && \
+               $(RM) -R vendor-$(2)-build && \
+               touch $@.skip-hash && \
+               touch $@) || (\
                rm $@);
 
+.sum-vendor-%: $(SRC)/%/vendor-SHA512SUMS
+	$(foreach f,$(filter %.tar.bz2,$^), if test ! -f $(f).skip-hash; then \
+		$(call checksum,$(SHA512SUM),vendor-SHA512,.sum-vendor-); \
+	fi)
+	touch $@
+
 # Extract and move the vendor archive if the checksum is valid. Succeed even in
 # case of error (download or checksum failed). In that case, the cargo-vendor
 # archive won't be used (crates.io will be used directly).
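Review bot: The marker written by `touch $@.skip-hash` is an empty file keyed only on the archive's path, so `.sum-vendor-%` will skip the SHA-512 check for any file that later sits at that path in `$(TARBALLS)`, not just the one `cargo vendor --locked` produced here (for example a tarball restored from a shared cache together with its marker). Tying the skip to content would keep the integrity check meaningful: record the digest instead of touching, e.g. `$(SHA512SUM) $@ > $@.skip-hash` (assuming `$(SHA512SUM)` accepts a file argument), and have `.sum-vendor-%` compare it before skipping. In the same rule, `$(filter %.tar.bz2,$^)` falls straight through to `touch $@` when the vendor archive has another extension, which marks it verified without any check; a comment such as `# only .tar.bz2 vendor archives are verified here`, or an explicit failure on an empty filter result, would make that visible. The leading `rm $@.skip-hash;` should also be `rm -f $@.skip-hash;`, since the marker is normally absent and the plain `rm` prints an error on every run.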


=====================================
contrib/src/rav1e/rules.mak
=====================================
@@ -6,7 +6,7 @@ RAV1E_URL := https://crates.io/api/v1/crates/rav1e/$(RAV1E_VERSION)/download
 ifdef BUILD_RUST
 ifdef BUILD_ENCODERS
 PKGS += rav1e
-PKGS_ALL += rav1e-vendor
+PKGS_ALL += vendor-rav1e
 endif
 endif
 
@@ -27,35 +27,21 @@ DEPS_rav1e = rustc-cross $(DEPS_rustc-cross)
 else
 DEPS_rav1e = rustc $(DEPS_rustc)
 endif
-DEPS_rav1e-vendor = rustc $(DEPS_rustc)
-DEPS_rav1e += rav1e-vendor $(DEPS_rav1e-vendor) cargo-c $(DEPS_cargo-c)
+DEPS_vendor-rav1e = rustc $(DEPS_rustc)
+DEPS_rav1e += vendor-rav1e $(DEPS_vendor-rav1e) cargo-c $(DEPS_cargo-c)
 
-# rav1e-vendor
-
-rav1e-vendor-build:
-	$(RM) -R $@
-	mkdir -p $@
-	tar xzfo $(TARBALLS)/rav1e-$(RAV1E_VERSION).tar.gz -C $@ --strip-components=1
-	cd $@ && $(CARGO_NATIVE) vendor --locked rav1e-$(RAV1E_VERSION)-vendor
-	cd $@ && tar -jcf rav1e-$(RAV1E_VERSION)-vendor.tar.bz2 rav1e-$(RAV1E_VERSION)-vendor
-	install $@/rav1e-$(RAV1E_VERSION)-vendor.tar.bz2 "$(TARBALLS)"
-	# cd $@ && sha512sum rav1e-$(RAV1E_VERSION)-vendor.tar.bz2 > SHA512SUMS
-	# install $@/SHA512SUMS $(SRC)/rav1e-vendor/SHA512SUMS
-	$(RM) -R $@
+# vendor-rav1e
 
 $(TARBALLS)/rav1e-$(RAV1E_VERSION)-vendor.tar.bz2: .sum-rav1e .rustc
-	-$(call download_vendor,rav1e-$(RAV1E_VERSION)-vendor.tar.bz2,rav1e)
-	# if the vendor tarball doesn't exist yet, we build it
-	if test ! -s "$@"; then $(RM) -R rav1e-vendor-build; $(MAKE) rav1e-vendor-build; fi
+	$(call download_vendor,rav1e-$(RAV1E_VERSION)-vendor.tar.bz2,rav1e,rav1e-$(RAV1E_VERSION).tar.gz)
 
-.sum-rav1e-vendor: rav1e-$(RAV1E_VERSION)-vendor.tar.bz2
-	touch $@
+.sum-vendor-rav1e: rav1e-$(RAV1E_VERSION)-vendor.tar.bz2
 
-rav1e-vendor: rav1e-$(RAV1E_VERSION)-vendor.tar.bz2 .sum-rav1e-vendor
+rav1e-vendor: rav1e-$(RAV1E_VERSION)-vendor.tar.bz2 .sum-vendor-rav1e
 	$(UNPACK)
 	$(MOVE)
 
-.rav1e-vendor: rav1e-vendor
+.vendor-rav1e: rav1e-vendor
 	touch $@
 
 # rav1e
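Review bot: Dropping the `-` prefix on the `$(call download_vendor,...)` line makes the recipe's exit status that of the macro's final `rm $@` (defined in main-rust.mak), which is non-zero whenever the archive was already removed earlier in the fallback, so a failed download followed by a failed local vendoring now appears to abort the build. The comment kept in main-rust.mak still says the vendor step succeeds on error and falls back to crates.io, so one of the two needs to change. If stopping is intended, make it explicit in the macro with `($(RM) $@; exit 1)` and update that comment; if the fallback is intended, end the macro with `$(RM) $@` so the status does not depend on whether the file exists. The recipe-less `.sum-vendor-rav1e:` line would also benefit from a comment like `# recipe comes from the .sum-vendor-% pattern rule in main-rust.mak`.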


=====================================
contrib/src/rav1e/vendor-SHA512SUMS
=====================================
@@ -0,0 +1 @@
+fa67587eee85c49b409f8eede4671c823b70b837e807308117e4cc5ed2b890d4ab1b4e3e4447427cad24cbe7d38018bb96b72b52cc9fa3fbb80a2c28380211ff  rav1e-0.7.1-vendor.tar.bz2



View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/29a9f8687c91733a5126b84f6568633c72600cd9...4dd60587a84ecc726d05d7b71a13e0f3f0e7b76b
