system/serenity
system/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity synced 2024-07-22 18:46:18 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

Ports: Use SHA256 to verify file integrity for binutils

Browse source 
There's no point in using a keyring file we just downloaded from the
same file mirror to verify the authenticity of the binutils tarball.

If someone were to compromise the file mirror they could just as easily
replace the keyring file and we'd happily tell the user that their copy
of binutils is genuine.
This commit is contained in:
Gunnar Beutner 2021-07-28 18:22:01 +02:00 committed by Andreas Kling
parent edce9153af
commit f7d772282d
1 changed files with 2 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Ports/binutils/package.sh
View file

@ -3,9 +3,7 @@ port=binutils
version=2.37
useconfigure=true
configopts="--target=${SERENITY_ARCH}-pc-serenity --with-sysroot=/ --with-build-sysroot=${SERENITY_INSTALL_ROOT} --disable-werror --disable-gdb --disable-nls"
files="https://ftpmirror.gnu.org/gnu/binutils/binutils-${version}.tar.xz binutils-${version}.tar.xz
https://ftpmirror.gnu.org/gnu/binutils/binutils-${version}.tar.xz.sig binutils-${version}.tar.xz.sig
https://ftpmirror.gnu.org/gnu/gnu-keyring.gpg gnu-keyring.gpg"
auth_type="sig"
files="https://ftpmirror.gnu.org/gnu/binutils/binutils-${version}.tar.xz binutils-${version}.tar.xz 820d9724f020a3e69cb337893a0b63c2db161dadcb0e06fc11dc29eb1e84a32c"
auth_type="sha256"
auth_opts="--keyring ./gnu-keyring.gpg binutils-${version}.tar.xz.sig"
export ac_cv_func_getrusage=no