Per https://bugs.eclipse.org/bugs/show_bug.cgi?id=134634#c3 this
mirror redirection feature is not well known, but it works and it
removes a decision point from an otherwise copy-and-paste set of
steps.
The `r=1` query fragment causes Eclipse.org's download.php to pass
a redirect directly back to the client rather than a mirror list:
https://git.eclipse.org/c/www.eclipse.org/downloads.git/tree/download.php#n97
Sadly it appears that including the `protocol=https` query element
is wasted effort since that value is unconditionally overridden:
https://git.eclipse.org/c/www.eclipse.org/downloads.git/tree/download.php#n173
Add CDT 8.6.0 checksum verification (via HTTPS)
Per https://wiki.eclipse.org/CBI/How_to_check_integrity_of_downloads_from_the_Eclipse_Foundation
the Eclipse Foundation mirror system offers the ability to retrieve
checksums for mirrored packages to provide an additional degree of
certainty about the absence of tampering in transit, since mirrored
files are provided via HTTP. (The link cites performance concerns
as the reason for transferring mirrored files unencrypted, but that
concern, while common, is well known to be less worrisome than has
been the case even recently, [eg.][1] )
The `sums.php` [source][2] shows three checkum types may be used as
valid options: md5, sha1, and sha512. We'll prefer sha512. We'll
also assume that the `sha512sum` tool is available and supports the
`-c`/`--check` invocation option.
I have observed these three checksum values for `cdt-8.6.0.zip` as
returned by the Eclipse Foundation mirror, and I'm noting them here
rather than in `DevGuide.md` directly on the assumption that it is
a better idea to let `sha512sum` do the verification instead of the
user following the guide:
| Type | Value |
| ------ | ----- |
| md5 | `8e9438a6e3947d614af98e1b58e945a2` |
| sha1 | `6363c3eece78277cc6b6748bb4eba0166db30a6a` |
| sha512 | `2b8bb498146aa29995e807c5b4e9d5dab0f6afe89a5ce256978b7b2c478677a0cb5a0f15913a32bd99cb7b4bb31230521f70b9c26cdef1cb983dfcea599737c0` |
[1]: https://istlsfastyet.com
[2]: https://git.eclipse.org/c/www.eclipse.org/downloads.git/tree/sums.php
of row numbers are used to track work items, 2) added API methods for
things like removing items, and getting a dialog closed notification;
added tests
To prevent man-in-the-middle attack, it's better to use HTTPS for symbol
downloading whenever possible. WinDbg also uses
https://msdl.microsoft.com/download/symbols by default.
ADD (SP plus register, T32) was incorrectly op11=0x1e (1 1 1 1 0),
but is supposed to be 0x1d (1 1 1 0 1)
ARM's CLREX matches THUMB's BL<c> <label>. Added AMODE check to
CLREX
