Vendored build sources (v1)
Mirrored upstream source archives consumed by the cross-builder image (hvlite-deps/Dockerfile).
These bytes come directly from the upstream projects; they are merely re-hosted here for build reliability. GitHub's CDN is far more reliable than the original endpoints (savannah gitweb, musl.libc.org, ftpmirror.gnu.org redirects, ftp.barfooze.de), and re-hosting eliminates intermittent CI flakes from upstream outages.
The Dockerfile pins each asset by sha256 with ADD --checksum=, so this release is purely a delivery channel — the bytes are still cryptographically bound to upstream.
| File | sha256 | Upstream source |
|---|---|---|
binutils-2.33.1.tar.xz |
ab66fc2d…24722cbf |
https://ftp.gnu.org/gnu/binutils/binutils-2.33.1.tar.xz |
config.sub |
75d5d255…4a58d8d3 |
git.savannah.gnu.org/cgit/config.git @ 3d5db9ebe860 |
gcc-11.5.0.tar.xz |
a6e21868…09363478 |
https://ftp.gnu.org/gnu/gcc/gcc-11.5.0/gcc-11.5.0.tar.xz |
gmp-6.1.2.tar.bz2 |
5275bb04…73d8fb2 |
https://ftp.gnu.org/gnu/gmp/gmp-6.1.2.tar.bz2 |
linux-headers-4.19.88-2.tar.xz |
dc7abf73…2e05588 |
https://ftp.barfooze.de/pub/sabotage/tarballs/linux-headers-4.19.88-2.tar.xz |
mpc-1.1.0.tar.gz |
6985c538…7c75e4a |
https://ftp.gnu.org/gnu/mpc/mpc-1.1.0.tar.gz |
mpfr-4.0.2.tar.bz2 |
c05e3f02…cca253ac |
https://ftp.gnu.org/gnu/mpfr/mpfr-4.0.2.tar.bz2 |
musl-1.2.5.tar.gz |
a9a118bb…6fc7c75e4 |
https://musl.libc.org/releases/musl-1.2.5.tar.gz |
License notes (all permit redistribution): binutils/gcc/config.sub are GPL with the appropriate runtime/autoconf exceptions; gmp/mpc/mpfr are LGPL; linux-headers are GPLv2; musl is MIT.
To add or update a source: upload the new file as an asset to this release (or a new release) and update the matching --checksum= and URL in hvlite-deps/Dockerfile.