[coreboot] buildgcc certs and signature hashes

Trammell Hudson hudson at trmm.net
Wed Aug 3 15:52:47 CEST 2016


It looks like the util/crossgcc/buildgcc script disables HTTPS cert
checks and doesn't have a way to verify the signatures or hashes of the
files that it receives.

download_showing_percentage() {
        url=$1
        printf " ..${red}  0%%"
        wget --no-check-certificate $url 2>&1 | while read line; do
                printf "${red}"
                echo $line | grep -o "[0-9]\+%" | awk '{printf("\b\b\b\b%4s", $1)}'
                printf "${NC}"
        done
}


I'm worried that this introduces a minor, but potential security
issue for the build process.

-- 
Trammell



More information about the coreboot mailing list