Viewing all changes in revision 385.
- Committer: James Tunnicliffe
- Date: 2011-07-22 20:38:17 UTC
- mfrom: (383.2.4 linaro-image-tools)
- Revision ID: james.tunnicliffe@linaro.org-20110722203817-tr67lzaj7xfbuz14
After downloading files fetch_image[_ui].py checks the sha1sums and GPG signatures of the downloads.
If a GPG signature doesn't verify a sha1sum file, the GPG signatures and sha1sums are re-downloaded. The GPG signatures are then re-checked. If the GPG signatures still don't verify all the sha1sums, we abort.
If a sha1sum check fails, the file it is checksumming is re-downloaded. If after retrying a download then sha1sum check still fails the process is aborted.
If if all GPG signatures are valid and sha1sum checks pass, we mark the packages as signed.
If GPG signatures or SHA1 sums are unavailable for any package, and the above rules are met, we continue with image creation, but the packages are marked as unsigned.
If a GPG signature doesn't verify a sha1sum file, the GPG signatures and sha1sums are re-downloaded. The GPG signatures are then re-checked. If the GPG signatures still don't verify all the sha1sums, we abort.
If a sha1sum check fails, the file it is checksumming is re-downloaded. If after retrying a download then sha1sum check still fails the process is aborted.
If if all GPG signatures are valid and sha1sum checks pass, we mark the packages as signed.
If GPG signatures or SHA1 sums are unavailable for any package, and the above rules are met, we continue with image creation, but the packages are marked as unsigned.
- files modified:
- fetch_image_ui.py
expand all
collapse all
added
removed
