From 1484c03916ec7672a053f04bf0b53741189bf649 Mon Sep 17 00:00:00 2001
From: Martin Roth <martinroth@google.com>
Date: Tue, 8 Mar 2016 09:37:14 -0700
Subject: crossgcc/buildgcc: Add comment about URLs and jenkins builder

Add a comment to try to lower possible confusion later if the jenkins
tool builder fails to build a new tool.  The URLs for the packages that
are downloaded are checked against known locations so that someone can't
maliciously download a package from somewhere and run it on the build
server.  This provides a little bit of security, but could confuse
someone if they don't realize it.

Change-Id: I7858e3d86fc705b480f6792b6adf3d5349580e01
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/13955
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
---
 util/crossgcc/buildgcc | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'util/crossgcc')

diff --git a/util/crossgcc/buildgcc b/util/crossgcc/buildgcc
index df9ac4aa6d..eef71e51e5 100755
--- a/util/crossgcc/buildgcc
+++ b/util/crossgcc/buildgcc
@@ -47,6 +47,9 @@ CLANG_VERSION=3.7.1
 MAKE_VERSION=4.1
 
 # GCC toolchain archive locations
+# These are sanitized by the jenkins toolchain test builder, so if
+# a completely new URL is added here, it probably needs to be added
+# to the jenkins build as well, or the builder won't download it.
 GMP_ARCHIVE="http://ftpmirror.gnu.org/gmp/gmp-${GMP_VERSION}.tar.bz2"
 MPFR_ARCHIVE="http://ftpmirror.gnu.org/mpfr/mpfr-${MPFR_VERSION}.tar.bz2"
 MPC_ARCHIVE="http://ftpmirror.gnu.org/mpc/mpc-${MPC_VERSION}.tar.gz"
-- 
cgit v1.2.3