mirror of
https://codeberg.org/libreboot/lbmk.git
synced 2026-07-13 14:59:34 +02:00
use sha512sum to check downloads, not sha1sum
sha-1 has known collision issues, which may not be readily exploitable yet (in our context), but we should ideally use a more secure method for checking file integrity. therefore, use sha-2 (sha512sum) for checking files. this is slower than sha-1, but checksum verification is only a minor part of what lbmk does, so the overall effect on build times is quite negligible. Signed-off-by: Leah Rowe <leah@libreboot.org>
This commit is contained in:
@@ -127,7 +127,10 @@ patch_release_roms()
|
||||
|
||||
(
|
||||
cd "${_tmpdir}"/bin/*
|
||||
sha1sum --status -c blobhashes || \
|
||||
|
||||
# NOTE: For compatibility with older rom releases, defer to sha1
|
||||
sha512sum --status -c blobhashes || \
|
||||
sha1sum --statuc -c blobhashes || \
|
||||
err "patch_release_roms: ROMs did not match expected hashes"
|
||||
)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user