author Leah Rowe <leah@libreboot.org> 2023-09-09 16:39:26 +0100
committer Leah Rowe <leah@libreboot.org> 2023-09-09 16:39:26 +0100
commit 878550d51949cec38cc475c1ec87b968e8fbec6b
tree ee1df97bb23ed2b13413853324542f9cc4ae53ed /script/build/release/roms
parent 022e0200df14222cee54dddf5faada1177f97319
use sha512sum to check downloads, not sha1sum
sha-1 has known collision issues, which may not be readily exploitable yet (in our context), but we should ideally use a more secure method for checking file integrity.

therefore, use sha-2 (sha512sum) for checking files. this is slower than sha-1, but checksum verification is only a minor part of what lbmk does, so the overall effect on build times is quite negligible.

Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'script/build/release/roms')
-rwxr-xr-x script/build/release/roms 4
1 files changed, 2 insertions, 2 deletions
diff --git a/script/build/release/roms b/script/build/release/roms
index a56c43f5..53c75c63 100755
--- a/script/build/release/roms
+++ b/script/build/release/roms
@@ -171,8 +171,8 @@ strip_archive()
(
cd "${romdir}" || err "strip_archive: !cd ${romdir}"
- sha1sum *.rom >> blobhashes || \
- err "strip_archive: ${romdir}: !sha1sum *.rom >> blobhashes"
+ sha512sum *.rom >> blobhashes || \
+ err "strip_archive: ${romdir}: !sha512sum *.rom >> blobhashes"
)
for romfile in "${romdir}"/*.rom; do
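Review bot: the `sha512sum *.rom >> blobhashes` line in strip_archive() still appends (`>>`) to the same `blobhashes` file name, so a file left over from an earlier run would hold SHA-1 and SHA-512 lines side by side, and the code that later reads this file is not visible in this hunk. Consider removing or truncating `blobhashes` at the start of the subshell before writing, and confirm that whatever verifies it is switched to `sha512sum -c` in the same change, since the diffstat shown here is limited to this one script.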