Skip to content

west: blobs: verify fetched blobs after downloading #76186

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 30, 2024
Merged

west: blobs: verify fetched blobs after downloading #76186

merged 2 commits into from
Jul 30, 2024

Conversation

@dottspina
Copy link
Contributor

@dottspina dottspina commented Jul 22, 2024
edited by cfriedt
Loading

Problem description

Running west blobs fetch does not verify the digest of downloaded files.

Fixes #76185

Proposed change

Call zephyr_module.get_blob_status() (again) after downloading, and warn the user if the blob status is BLOB_OUTDATED (digests don't match).

Note: The proposed error message is intended to not be scary, and assumes incorrect metadata (URL or digest) rather than a compromised download:

$ west blobs fetch hal_espressif
Fetching blob hal_espressif: path/to/zephyr/modules/hal/espressif/zephyr/blobs/lib/esp32c3/libbtdm_app.a
ERROR: The checksum of the downloaded file does not match that in the blob metadata:
- if it is not certain that the download was successful,
  try running 'west blobs fetch hal_espressif'
  to re-download the file
- if the error persists, please consider contacting
  the maintainers of the module so that they can check
  the corresponding blob metadata

Module: hal_espressif
Blob:   lib/esp32c3/libbtdm_app.a
URL:    https://github.com/espressif/esp32c3-bt-lib/raw/b438f60a295183e7c67eb42ae05f4580f4b1ced0/esp32c3/libbtdm_app.a
Info:   Binary libraries supporting the ESP32 series RF subsystems

Thanks.

pdgendt
pdgendt previously approved these changes Jul 23, 2024
View reviewed changes
57300
57300 previously approved these changes Jul 23, 2024
View reviewed changes
@aescolar aescolar added this to the v3.7.1 milestone Jul 23, 2024
@aescolar aescolar added the backport v3.7-branch Request backport to the v3.7-branch label Jul 23, 2024
@dottspina dottspina dismissed stale reviews from 57300 and pdgendt via f27f80c July 23, 2024 19:51
@dottspina dottspina force-pushed the pr-verify-fetched-blobs branch from 4f2633c to f27f80c Compare July 23, 2024 19:51
dottspina added 2 commits July 23, 2024 21:59
@dottspina
west: blobs: prefer constants to literals for blob status
4a75c3d 
Replace blob status literals with the corresponding
constants defined in zephyr_module.

Signed-off-by: Christophe Dufaza <[email protected]>
@dottspina
west: blobs: verify fetched blobs after downloading
771bcde 
Running 'west blobs fetch' does not verify the digest of downloaded files:
1. if the checksum of the previously downloaded file does match
   that in the blob metadata (status BLOB_PRESENT), do nothing
2. if the checksum of the previously downloaded file does not match
   that in the blob metadata (status BLOB_OUTDATED),
   download the "up to date" file
3. if the blob has not yet been downloaded (status BLOB_NOT_PRESENT),
   download it

None of the 2) and 3) code paths will verify that the checksum of the file
just downloaded actually matches the digest in the blob's metadata.

In the event that the metadata of a module is incorrect, then the user
will not notice anything, and may rely on an unexpected binary,
e.g. a static library for a different architecture.

According to the Binary Blobs documentation [1], the expected
behavior is to check the blob digest after downloading.

[1] Fetching blobs, Zephyr 3.6.0 (still applies to Zephyr 3.7.0rc3)
docs.zephyrproject.org/3.6.0/contribute/bin_blobs.html#fetching-blobs

Signed-off-by: Christophe Dufaza <[email protected]>
@dottspina dottspina force-pushed the pr-verify-fetched-blobs branch from f27f80c to 771bcde Compare July 23, 2024 20:04
@fabiobaltieri fabiobaltieri merged commit 2b2a0e0 into zephyrproject-rtos:main Jul 30, 2024
@zephyrbot zephyrbot mentioned this pull request Jul 30, 2024
Merged
@dottspina dottspina deleted the pr-verify-fetched-blobs branch July 30, 2024 22:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pdgendt pdgendt pdgendt approved these changes

@tejlmand tejlmand tejlmand approved these changes

@sylvioalves sylvioalves sylvioalves approved these changes

@57300 57300 57300 left review comments

@carlescufi carlescufi Awaiting requested review from carlescufi

@jeremybettis jeremybettis Awaiting requested review from jeremybettis

@mbolivar-ampere mbolivar-ampere Awaiting requested review from mbolivar-ampere

@nashif nashif Awaiting requested review from nashif

@nordicjm nordicjm Awaiting requested review from nordicjm

@swinslow swinslow Awaiting requested review from swinslow

Assignees

@tejlmand tejlmand

Labels

area: Build System area: West West utility backport v3.7-branch Request backport to the v3.7-branch

Projects

None yet

Milestone

v3.7.1

Development

Successfully merging this pull request may close these issues.

scripts: 'west blobs fetch' does not verify digests after downloading

8 participants

@dottspina @pdgendt @tejlmand @sylvioalves @57300 @fabiobaltieri @zephyrbot @aescolar