3 Aug
2016
3 Aug
'16
3:57 p.m.
Checkout my commit. Today I will upload a new version of it.
https://review.coreboot.org/#/c/15170/
On 08/03/2016 03:52 PM, Trammell Hudson wrote:
It looks like the util/crossgcc/buildgcc script disables HTTPS cert checks and doesn't have a way to verify the signatures or hashes of the files that it receives.
download_showing_percentage() { url=$1 printf " ..${red} 0%%" wget --no-check-certificate $url 2>&1 | while read line; do printf "${red}" echo $line | grep -o "[0-9]+%" | awk '{printf("\b\b\b\b%4s", $1)}' printf "${NC}" done }
I'm worried that this introduces a minor, but potential security issue for the build process.