From 878550d51949cec38cc475c1ec87b968e8fbec6b Mon Sep 17 00:00:00 2001 From: Leah Rowe Date: Sat, 9 Sep 2023 16:39:26 +0100 Subject: use sha512sum to check downloads, not sha1sum sha-1 has known collision issues, which may not be readily exploitable yet (in our context), but we should ideally use a more secure method for checking file integrity. therefore, use sha-2 (sha512sum) for checking files. this is slower than sha-1, but checksum verification is only a minor part of what lbmk does, so the overall effect on build times is quite negligible. Signed-off-by: Leah Rowe --- script/build/release/roms | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'script/build/release') diff --git a/script/build/release/roms b/script/build/release/roms index a56c43f5..53c75c63 100755 --- a/script/build/release/roms +++ b/script/build/release/roms @@ -171,8 +171,8 @@ strip_archive() ( cd "${romdir}" || err "strip_archive: !cd ${romdir}" - sha1sum *.rom >> blobhashes || \ - err "strip_archive: ${romdir}: !sha1sum *.rom >> blobhashes" + sha512sum *.rom >> blobhashes || \ + err "strip_archive: ${romdir}: !sha512sum *.rom >> blobhashes" ) for romfile in "${romdir}"/*.rom; do -- cgit v1.2.1