[coreboot-gerrit] Patch set updated for coreboot: crossgcc/buildgcc: Add comment about URLs and jenkins builder

[Martin Roth (martinroth@google.com)]

Martin Roth (martinroth at google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/13955

-gerrit

commit 2ac2d130379c0cc58b1e7d553d826b230451e52d
Author: Martin Roth <martinroth at google.com>
Date:   Tue Mar 8 09:37:14 2016 -0700

    crossgcc/buildgcc: Add comment about URLs and jenkins builder
    
    Add a comment to try to lower possible confusion later if the jenkins
    tool builder fails to build a new tool.  The URLs for the packages that
    are downloaded are checked against known locations so that someone can't
    maliciously download a package from somewhere and run it on the build
    server.  This provides a little bit of security, but could confuse
    someone if they don't realize it.
    
    Change-Id: I7858e3d86fc705b480f6792b6adf3d5349580e01
    Signed-off-by: Martin Roth <martinroth at google.com>
---
 util/crossgcc/buildgcc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/util/crossgcc/buildgcc b/util/crossgcc/buildgcc
index df9ac4a..eef71e5 100755
--- a/util/crossgcc/buildgcc
+++ b/util/crossgcc/buildgcc
@@ -47,6 +47,9 @@ CLANG_VERSION=3.7.1
 MAKE_VERSION=4.1
 
 # GCC toolchain archive locations
+# These are sanitized by the jenkins toolchain test builder, so if
+# a completely new URL is added here, it probably needs to be added
+# to the jenkins build as well, or the builder won't download it.
 GMP_ARCHIVE="http://ftpmirror.gnu.org/gmp/gmp-${GMP_VERSION}.tar.bz2"
 MPFR_ARCHIVE="http://ftpmirror.gnu.org/mpfr/mpfr-${MPFR_VERSION}.tar.bz2"
 MPC_ARCHIVE="http://ftpmirror.gnu.org/mpc/mpc-${MPC_VERSION}.tar.gz"