mirror of
https://codeberg.org/libreboot/lbmk.git
synced 2026-07-16 23:08:49 +02:00
use sha512sum to check downloads, not sha1sum
sha-1 has known collision issues, which may not be readily exploitable yet (in our context), but we should ideally use a more secure method for checking file integrity. therefore, use sha-2 (sha512sum) for checking files. this is slower than sha-1, but checksum verification is only a minor part of what lbmk does, so the overall effect on build times is quite negligible. Signed-off-by: Leah Rowe <leah@libreboot.org>
This commit is contained in:
@@ -455,7 +455,7 @@ vendor_checksum()
|
||||
printf "Vendor update not found on disk for: %s\n" "${board}" \
|
||||
1>&2
|
||||
return 1
|
||||
elif [ "$(sha1sum ${dl_path} | awk '{print $1}')" != "${1}" ]; then
|
||||
elif [ "$(sha512sum ${dl_path} | awk '{print $1}')" != "${1}" ]; then
|
||||
printf "Bad checksum on vendor update for: %s\n" "${board}" 1>&2
|
||||
return 1
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user