summaryrefslogtreecommitdiff
path: root/Ports/binutils/package.sh
diff options
context:
space:
mode:
authorGunnar Beutner <gbeutner@serenityos.org>2021-07-28 18:22:01 +0200
committerAndreas Kling <kling@serenityos.org>2021-07-28 21:28:31 +0200
commitf7d772282dba60cec108b748eedd1e6dee617e44 (patch)
tree2de9bc517b444830c86fdd3f0c41acc5467c6c4c /Ports/binutils/package.sh
parentedce9153af4fcb14670f71d10ab34b5c4768125c (diff)
downloadserenity-f7d772282dba60cec108b748eedd1e6dee617e44.zip
Ports: Use SHA256 to verify file integrity for binutils
There's no point in using a keyring file we just downloaded from the same file mirror to verify the authenticity of the binutils tarball. If someone were to compromise the file mirror they could just as easily replace the keyring file and we'd happily tell the user that their copy of binutils is genuine.
Diffstat (limited to 'Ports/binutils/package.sh')
-rwxr-xr-xPorts/binutils/package.sh6
1 files changed, 2 insertions, 4 deletions
diff --git a/Ports/binutils/package.sh b/Ports/binutils/package.sh
index 58f5405a9b..eb1adab851 100755
--- a/Ports/binutils/package.sh
+++ b/Ports/binutils/package.sh
@@ -3,9 +3,7 @@ port=binutils
version=2.37
useconfigure=true
configopts="--target=${SERENITY_ARCH}-pc-serenity --with-sysroot=/ --with-build-sysroot=${SERENITY_INSTALL_ROOT} --disable-werror --disable-gdb --disable-nls"
-files="https://ftpmirror.gnu.org/gnu/binutils/binutils-${version}.tar.xz binutils-${version}.tar.xz
-https://ftpmirror.gnu.org/gnu/binutils/binutils-${version}.tar.xz.sig binutils-${version}.tar.xz.sig
-https://ftpmirror.gnu.org/gnu/gnu-keyring.gpg gnu-keyring.gpg"
-auth_type="sig"
+files="https://ftpmirror.gnu.org/gnu/binutils/binutils-${version}.tar.xz binutils-${version}.tar.xz 820d9724f020a3e69cb337893a0b63c2db161dadcb0e06fc11dc29eb1e84a32c"
+auth_type="sha256"
auth_opts="--keyring ./gnu-keyring.gpg binutils-${version}.tar.xz.sig"
export ac_cv_func_getrusage=no
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-16 15:42:45 +0000