[coreboot] buildgcc certs and signature hashes
Zaolin
zaolin at das-labor.org
Wed Aug 3 15:57:00 CEST 2016
Checkout my commit. Today I will upload a new version of it.
https://review.coreboot.org/#/c/15170/
On 08/03/2016 03:52 PM, Trammell Hudson wrote:
> It looks like the util/crossgcc/buildgcc script disables HTTPS cert
> checks and doesn't have a way to verify the signatures or hashes of the
> files that it receives.
>
> download_showing_percentage() {
> url=$1
> printf " ..${red} 0%%"
> wget --no-check-certificate $url 2>&1 | while read line; do
> printf "${red}"
> echo $line | grep -o "[0-9]\+%" | awk '{printf("\b\b\b\b%4s", $1)}'
> printf "${NC}"
> done
> }
>
>
> I'm worried that this introduces a minor, but potential security
> issue for the build process.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20160803/fb79047d/attachment.asc>
More information about the coreboot
mailing list