genode/tool/ports/mk
Emery Hemingway 80b3994500 prepare_port: prefer SHA256 file verification
SHA1 is susceptible to collision attacks and is generally deprecated.
Source code archives are particularly vulnerable because the hash digest
can be tweaked by hiding by arbitrary data in code comments and files
not processed during build.

With this in mind the 'prepare_port' tool now attempts to verify digests
as SHA256 with a fallback to SHA1. When CHECK_HASH=no is set the tool
will refuse to verify digests as SHA1. The use of SHA1 for creating
unique port versions is retained because the hashes are produced locally
from inputs stored in a git history.

Issue #2767
2018-05-03 15:31:19 +02:00
..
check_port_arg.inc Add 'update_hash' and 'list' to tool/ports 2014-05-27 13:45:03 +02:00
check.mk tool: second try on failing check of file-based port 2017-03-15 12:24:44 +01:00
common.inc Ensure stable sorting order in tools 2017-11-06 13:57:25 +01:00
front_end.inc Add 'update_hash' and 'list' to tool/ports 2014-05-27 13:45:03 +02:00
hash.inc ports: also hash patches with absolute path names 2015-01-27 12:17:53 +01:00
install.mk prepare_port: prefer SHA256 file verification 2018-05-03 15:31:19 +02:00
prepare_single_port.mk prepare_port: prepare multiple ports at once 2016-03-07 12:34:43 +01:00