use sha512sum to check downloads, not sha1sum

sha-1 has known collision issues, which may not be readily
exploitable yet (in our context), but we should ideally use
a more secure method for checking file integrity.

therefore, use sha-2 (sha512sum) for checking files. this is
slower than sha-1, but checksum verification is only a minor
part of what lbmk does, so the overall effect on build times
is quite negligible.

Signed-off-by: Leah Rowe <leah@libreboot.org>
This commit is contained in:
Leah Rowe
2023-09-09 16:39:26 +01:00
parent 022e0200df
commit 878550d519
5 changed files with 37 additions and 30 deletions
+1 -1
View File
@@ -455,7 +455,7 @@ vendor_checksum()
printf "Vendor update not found on disk for: %s\n" "${board}" \
1>&2
return 1
elif [ "$(sha1sum ${dl_path} | awk '{print $1}')" != "${1}" ]; then
elif [ "$(sha512sum ${dl_path} | awk '{print $1}')" != "${1}" ]; then
printf "Bad checksum on vendor update for: %s\n" "${board}" 1>&2
return 1
fi