[coreboot] buildgcc certs and signature hashes
Trammell Hudson
hudson at trmm.net
Wed Aug 3 15:52:47 CEST 2016

It looks like the util/crossgcc/buildgcc script disables HTTPS cert
checks and doesn't have a way to verify the signatures or hashes of the
files that it receives.

    download_showing_percentage() {
        url=$1
        printf " ..${red} 0%%"
        wget --no-check-certificate $url 2>&1 | while read line; do
            printf "${red}"
            echo $line | grep -o "[0-9]\+%" | awk '{printf("\b\b\b\b%4s", $1)}'
            printf "${NC}"
        done
    }

I'm worried that this introduces a minor, but potential security
issue for the build process.

--
Trammell
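
One way to add the verification the message says is missing, shown as an added example that is not part of the original post or of coreboot's buildgcc. The function names and the pinned-hash manifest format ("<sha256>  <file name>" per line, kept alongside the script) are assumptions.

```shell
#!/bin/sh
# Added example, not coreboot code: function names and the manifest
# format ("<sha256>  <file name>" per line) are assumptions.

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
	if command -v sha256sum >/dev/null 2>&1; then
		sha256sum "$1" | awk '{print $1}'
	else
		shasum -a 256 "$1" | awk '{print $1}'
	fi
}

# Print the pinned hash for a file name; fail unless it is listed exactly once.
pinned_hash() {
	awk -v n="$2" '$2 == n { h = $1; c++ }
		END { if (c != 1) exit 1; print h }' "$1"
}

# Return 0 on a match, 1 on a mismatch, 2 when no pinned hash is available.
verify_file() {
	want=$(pinned_hash "$2" "$(basename "$1")") || {
		echo "no unique pinned hash for $1" >&2; return 2; }
	[ "$(sha256_of "$1")" = "$want" ] && return 0
	echo "hash mismatch for $1" >&2
	return 1
}

# Download with certificate checks left on (no --no-check-certificate),
# then verify; a file that fails is deleted so nothing later unpacks it.
fetch_verified() {
	url=$1 manifest=$2 out=$(basename "$1")
	wget -q -O "$out" "$url" || { rm -f "$out"; return 3; }
	verify_file "$out" "$manifest" && return 0
	rc=$?; rm -f "$out"; return "$rc"
}

# Offline check on constructed data: a matching file passes, and the same
# file with one line appended is rejected.
selftest() {
	d=$(mktemp -d) || return 1
	printf 'constructed tarball contents\n' > "$d/pkg-1.0.tar"
	printf '%s  pkg-1.0.tar\n' "$(sha256_of "$d/pkg-1.0.tar")" > "$d/SHA256SUMS"
	verify_file "$d/pkg-1.0.tar" "$d/SHA256SUMS" || { rm -rf "$d"; return 1; }
	printf 'tampered\n' >> "$d/pkg-1.0.tar"
	rc=0; verify_file "$d/pkg-1.0.tar" "$d/SHA256SUMS" 2>/dev/null || rc=$?
	rm -rf "$d"; [ "$rc" -eq 1 ]
}
```

The pinned hashes only help if the manifest reaches the builder through a channel the download cannot influence, such as the source tree itself.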