mirror of
https://codeberg.org/libreboot/lbmk.git
synced 2026-07-14 15:29:35 +02:00
use sha512sum to check downloads, not sha1sum
sha-1 has known collision issues, which may not be readily exploitable yet (in our context), but we should ideally use a more secure method for checking file integrity. therefore, use sha-2 (sha512sum) for checking files. this is slower than sha-1, but checksum verification is only a minor part of what lbmk does, so the overall effect on build times is quite negligible. Signed-off-by: Leah Rowe <leah@libreboot.org>
This commit is contained in:
@@ -171,8 +171,8 @@ strip_archive()
|
||||
|
||||
(
|
||||
cd "${romdir}" || err "strip_archive: !cd ${romdir}"
|
||||
sha1sum *.rom >> blobhashes || \
|
||||
err "strip_archive: ${romdir}: !sha1sum *.rom >> blobhashes"
|
||||
sha512sum *.rom >> blobhashes || \
|
||||
err "strip_archive: ${romdir}: !sha512sum *.rom >> blobhashes"
|
||||
)
|
||||
|
||||
for romfile in "${romdir}"/*.rom; do
|
||||
|
||||
Reference in New Issue
Block a user