Restrict downloads to system and uboot images

It would be nice to have this by November 24th as agreed with Danilo.

See also lp:887147

To be able to remove the click through license from the (non Android) hwpacks we need to add the same restriction to releases.linaro.org, snapshots.linaro.org and wherever else we can download hwpacks from.

Possibly also some change to linaro-fetch-image(-ui) since that can download hwpacks without user intervention. So I'll add l-i-t as well then. :)

Can we get a list of all the locations these images may exist at. Currently, I have:

- PPA(s)
- releases.linaro.org
- snapshots.linaro.org

What about the temp places that the build systems use to build stuff?

The build service is Offspring, it pulls packages from PPA. Once the build is done, the hardware packs are copied on snapshots.linaro.org.

https://android-build.linaro.org/
https://android-build.linaro.org/jenkins

This bug is related to the overall effort #887147.

The temp place that the build system uses is still private, and we also don't have access to them.

Usually when we create a new build project at offspring we create a RT to enable the automatic sync between the build server and snapshots.linaro.org. If the private hwpack is working properly already, then we'd just the to request the sync between the build server and the special place that has the click through interface.

That should be all from the Ubuntu side, we just need to check then how the private packages are available for the hwpacks, like having a private PPA (don't yet know the technical requirements from this side).

I would like to list exact places from which build downloads are available on https://android-build.linaro.org . Below, I give exact URLs representing the URL patterns we have in use. Some parts in them are dynamic of course (job name, build number, file name).

1. https://android-build.linaro.org/jenkins/job/linaro-android_panda/416/artifact/build/out/target/product/pandaboard/system.tar.bz2
2. http://android-build.linaro.org/builds/~linaro-android/panda/416/target/product/pandaboard/system.tar.bz2
3. https://android-build.linaro.org/builds/~linaro-android/panda/416/output/build/out/target/product/pandaboard/system.tar.bz2

#1 is Jenkins internal link (served by Jenkins, proxied by Apache), #2 & #3 are our frontend links, served by Apache directly off filesystem. And #3 is not really produced on any page any longer for few months, it is legacy one which used to be shown in one very obscure place, and I'm 99.9% positive that it wasn't posted anywhere. So, good solution would be to remove support for it altogether, then we'd have to maintain only 1 frontend link (+1 implicit jenkins' one). For the frontend link, we could use .htaccess to add needed rewrite/redirect magic, and that would be scalable solution (no need to patch central config), but that won't work for #1, which is internal "virtual" Jenkins link, so it would need to be handled by central Apache config file (of course, we can produce include file specifically for click-thru redirects).

And final note - all above is pertinent if EULA-protected builds will be still served from https://android-build.linaro.org/ . (But secure not-hosting them on https://android-build.linaro.org/ is a task on its own.)

Danilo and the infrastructure team did an amazing job in providing the necessary support for this to happen in time for 2011.12 release.

We might need to fix fetch-image* stuff to go through the click-through properly (i.e. show the license text).

Have taken the linaro-image-tools bit and changed it to linaro-fetch-image since it would appear the only missing bit is that linaro-fetch-image doesn't support displaying the license to the user so they can accept it.

It would be nice to cache license acceptance. Is it OK to download a copy of the license when the user accepts it and assume that if the license doesn't change, the user doesn't need to accept it again (download the license every time, if the license downloaded matches one that has been accepted, doen't ask the user to accept it again)?