development/ghidra
development/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra synced 2024-08-28 05:20:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

cdt-8.6.0.zip checksum isn't downloaded over HTTPS

Browse source 
The file cdt-8.6.0.zip itself isn't available over HTTPS, so it is important that we download the checksum over HTTPS. Otherwise, the MITM can modify both the file and its SHA512 to match the malicious zip file.
This commit is contained in:
Xiaoyin Liu 2019-10-18 13:58:54 +08:00 committed by GitHub
parent 93cf24c485
commit 85ca6137a7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
DevGuide.md
View file

@ -177,7 +177,7 @@ Download `cdt-8.6.0.zip` from The Eclipse Foundation, and place it in:
```bash
cd ~/Downloads # Or wherever
curl -OL 'http://www.eclipse.org/downloads/download.php?r=1&protocol=https&file=/tools/cdt/releases/8.6/cdt-8.6.0.zip'
curl -o 'cdt-8.6.0.zip.sha512' -L --retry 3 'http://www.eclipse.org/downloads/sums.php?type=sha512&file=/tools/cdt/releases/8.6/cdt-8.6.0.zip'
curl -o 'cdt-8.6.0.zip.sha512' -L --retry 3 'https://www.eclipse.org/downloads/sums.php?type=sha512&file=/tools/cdt/releases/8.6/cdt-8.6.0.zip'
shasum -a 512 -c 'cdt-8.6.0.zip.sha512'
mkdir -p ~/git/ghidra/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevPlugin/build/
cp ~/Downloads/cdt-8.6.0.zip ~/git/ghidra/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevPlugin/build/