RFR: 8369454: Verify checksums of downloaded source bundles when creating devkit
Mikael Vidstedt
mikael at openjdk.org
Wed Oct 8 22:52:42 UTC 2025
Let's verify that the downloaded source bundles (tar balls) are sound by computing a checksum and verifying against the baked in one.
This change also introduces a way to provide alternative mirrors for the source bundles, e.g. by setting `GCC_BASE_URL` or `GNU_BASE_URL`.
Testing:
* Built devkit on linux-x64
* Tested that overriding `GNU_BASE_URL` works as expected
* Verified that the JDK builds with the new devkit
-------------
Commit messages:
- Verify download checksums
Changes: https://git.openjdk.org/jdk/pull/27708/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27708&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8369454
Stats: 45 lines in 1 file changed: 31 ins; 0 del; 14 mod
Patch: https://git.openjdk.org/jdk/pull/27708.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/27708/head:pull/27708
PR: https://git.openjdk.org/jdk/pull/27708
More information about the build-dev
mailing list