Update download locations to outside repository content (#1280)

kar-rahul-aws · web-flow · commit 62bd622ffc49 · 2025-06-05T23:23:47.000+05:30
Update curl command to download in a non user accessible folder
diff --git a/.github/workflows/coverity_scan.yml b/.github/workflows/coverity_scan.yml
@@ -42,11 +42,22 @@ jobs:
           # ${{ env.stepName }}
           echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
 
-          wget -nv -qO- https://scan.coverity.com/download/linux64 --post-data "token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel" | tar -zx --one-top-level=cov_scan --strip-components 1
-          echo "cov_scan_path=$(pwd)/cov_scan/bin" >> $GITHUB_ENV
-
-          echo "::endgroup::"
-          echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
+          wget -nv -q -O "$HOME/cov-analysis.tar.gz" https://scan.coverity.com/download/linux64 --post-data="token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel"
+          
+          EXPECTED_MD5="e4418004b073140d67390cffba79c3b2"
+          GENERATED_MD5=$(md5sum "$HOME/cov-analysis.tar.gz" | awk '{print $1}')
+
+          if [ "$GENERATED_MD5" = "$EXPECTED_MD5" ]; then
+            tar -zxf "$HOME/cov-analysis.tar.gz" --one-top-level=cov_scan -C "$HOME"            
+            echo "cov_scan_path=$HOME/cov_scan/bin" >> $GITHUB_ENV
+            sudo rm -f "$HOME/cov-analysis.tar.gz"
+            echo "::endgroup::"
+            echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
+          else
+            echo -e "${{ env.bashFail }} MD5 checksum verification failed for cov-analysis.tar.gz ${{ env.bashEnd }}"
+            echo -e "${{ env.bashFail }} ${{ env.stepName }} ${{ env.bashEnd }}"
+            exit -1            
+          fi
 
       - env:
           stepName: Coverity Build
diff --git a/.github/workflows/kernel-demos.yml b/.github/workflows/kernel-demos.yml
@@ -156,14 +156,27 @@ jobs:
         run: |
           # ${{ env.stepName }}
           echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
-          curl -L -O https://dr-download.ti.com/software-development/ide-configuration-compiler-or-debugger/MD-LlCjWuAbzH/9.3.1.2/msp430-gcc-full-linux-x64-installer-9.3.1.2.7z
           sudo apt update -y
           sudo apt install -y p7zip-full
-          7z x ./msp430-gcc-full-linux-x64-installer-9.3.1.2.7z
-          chmod +x ./msp430-gcc-full-linux-x64-installer-9.3.1.2.run
-          sudo ./msp430-gcc-full-linux-x64-installer-9.3.1.2.run --prefix /usr/bin/msp430-gcc --mode unattended
-          echo "::endgroup::"
-          echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }}"
+          pushd $HOME
+          curl -L -o msp430-gcc-full-linux-x64-installer-9.3.1.2.7z https://dr-download.ti.com/software-development/ide-configuration-compiler-or-debugger/MD-LlCjWuAbzH/9.3.1.2/msp430-gcc-full-linux-x64-installer-9.3.1.2.7z
+          
+          EXPECTED_MD5="2db2f99b4cd5c541ca0389ee20c67527"
+          GENERATED_MD5=$(md5sum msp430-gcc-full-linux-x64-installer-9.3.1.2.7z | awk '{print $1}')
+
+          if [ "$GENERATED_MD5" = "$EXPECTED_MD5" ]; then          
+            7z x ./msp430-gcc-full-linux-x64-installer-9.3.1.2.7z
+            chmod +x ./msp430-gcc-full-linux-x64-installer-9.3.1.2.run
+            sudo ./msp430-gcc-full-linux-x64-installer-9.3.1.2.run --prefix /usr/bin/msp430-gcc --mode unattended
+            echo "::endgroup::"
+            popd
+            echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }}"
+          else
+            popd
+            echo -e "${{ env.bashFail }} MD5 checksum verification failed for msp430-gcc-full-linux-x64-installer-9.3.1.2.7z ${{ env.bashEnd }}"
+            echo -e "${{ env.bashFail }} ${{ env.stepName }} ${{ env.bashEnd }}"
+            exit -1
+          fi
 
       - name: Build msp430_GCC Demo
         shell: bash
@@ -211,21 +224,23 @@ jobs:
           sudo apt install -y autogen gawk libgmp-dev libmpc-dev libmpfr-dev
           sudo apt install -y patchutils sharutils zlib1g-dev autoconf2.64
 
+          pushd $HOME
           # Download the mb-gcc toolchain from github
-          curl -L -O https://github.com/mdednev/mb-gcc/releases/download/2021-0623%2B2/binutils-microblaze_2.35-2021-0623+1_amd64.deb;
-          curl -L -O https://github.com/mdednev/mb-gcc/releases/download/2021-0623%2B2/gcc-microblaze_10.2.0-2021-0623+2_amd64.deb;
-          curl -L -O https://github.com/mdednev/mb-gcc/releases/download/2021-0623%2B2/libnewlib-microblaze-dev_3.3.0-2021-0623+3_all.deb;
-          curl -L -O https://github.com/mdednev/mb-gcc/releases/download/2021-0623%2B2/libnewlib-microblaze-doc_3.3.0-2021-0623+3_all.deb;
-          curl -L -O https://github.com/mdednev/mb-gcc/releases/download/2021-0623%2B2/libnewlib-microblaze_3.3.0-2021-0623+3_all.deb;
-          curl -L -O https://github.com/mdednev/mb-gcc/releases/download/2021-0623%2B2/newlib-source_3.3.0-2021-0623+3_all.deb;
+          curl -L -o binutils-microblaze.deb https://github.com/mdednev/mb-gcc/releases/download/2021-0623%2B2/binutils-microblaze_2.35-2021-0623+1_amd64.deb;
+          curl -L -o gcc-microblaze.deb https://github.com/mdednev/mb-gcc/releases/download/2021-0623%2B2/gcc-microblaze_10.2.0-2021-0623+2_amd64.deb;
+          curl -L -o libnewlib-microblaze-dev.deb https://github.com/mdednev/mb-gcc/releases/download/2021-0623%2B2/libnewlib-microblaze-dev_3.3.0-2021-0623+3_all.deb;
+          curl -L -o libnewlib-microblaze-doc.deb https://github.com/mdednev/mb-gcc/releases/download/2021-0623%2B2/libnewlib-microblaze-doc_3.3.0-2021-0623+3_all.deb;
+          curl -L -o libnewlib-microblaze.deb https://github.com/mdednev/mb-gcc/releases/download/2021-0623%2B2/libnewlib-microblaze_3.3.0-2021-0623+3_all.deb;
+          curl -L -o newlib-source.deb https://github.com/mdednev/mb-gcc/releases/download/2021-0623%2B2/newlib-source_3.3.0-2021-0623+3_all.deb;
+          popd
 
           # Install the packages for the toolchain
-          sudo apt install -y ./binutils-microblaze*.deb;
-          sudo apt install -y ./gcc-microblaze*.deb;
-          sudo apt install -y ./libnewlib-microblaze-dev*.deb;
-          sudo apt install -y ./libnewlib-microblaze-doc*.deb;
-          sudo apt install -y ./libnewlib-microblaze*.deb;
-          sudo apt install -y ./newlib-source*.deb;
+          sudo apt install -y $HOME/binutils-microblaze.deb;
+          sudo apt install -y $HOME/gcc-microblaze.deb;
+          sudo apt install -y $HOME/libnewlib-microblaze-dev.deb;
+          sudo apt install -y $HOME/libnewlib-microblaze-doc.deb;
+          sudo apt install -y $HOME/libnewlib-microblaze.deb;
+          sudo apt install -y $HOME/newlib-source.deb;
 
           # Validate that the toolchain is in the path and can be called
           which mb-gcc
diff --git a/portable/ThirdParty/GCC/ARM_TFM/README.md b/portable/ThirdParty/GCC/ARM_TFM/README.md
@@ -52,13 +52,13 @@ Kernel runs in the Non-Secure Side.
 The setting of this macro is decided by the setting in Secure Side which is platform-specific.
 If the Secure Side enables Non-Secure access to FPU, then this macro can be configured as 0 or 1. Otherwise, this macro can only be configured as 0.
 Please note that Cortex-M23 does not support FPU.
-Please refer to [TF-M documentation](https://tf-m-user-guide.trustedfirmware.org/integration_guide/tfm_fpu_support.html) for FPU usage on the Non-Secure side.
+Please refer to [TF-M documentation](https://trustedfirmware-m.readthedocs.io/en/latest/integration_guide/tfm_fpu_support.html) for FPU usage on the Non-Secure side.
 
 * `configENABLE_MVE`
 The setting of this macro is decided by the setting in Secure Side which is platform-specific.
 If the Secure Side enables Non-Secure access to MVE, then this macro can be configured as 0 or 1. Otherwise, this macro can only be configured as 0.
 Please note that only Cortex-M55 and Cortex-M85 support MVE.
-Please refer to [TF-M documentation](https://tf-m-user-guide.trustedfirmware.org/integration_guide/tfm_fpu_support.html) for MVE usage on the Non-Secure side.
+Please refer to [TF-M documentation](https://trustedfirmware-m.readthedocs.io/en/latest/integration_guide/tfm_fpu_support.html) for MVE usage on the Non-Secure side.
 
 * `configENABLE_TRUSTZONE`
 This macro should be configured as 0 because TF-M doesn't use the secure context management function of FreeRTOS. New secure context management might be introduced when TF-M supports multiple secure context.
