ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-02-07 03:29:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

use SHA256 digest on signatures to avoid SHA1 collision attacks (issue #120)

Browse Source
This commit is contained in:
Trammell Hudson 2017-05-04 11:18:50 -04:00
parent 2b2c00e594
commit a5d4c65533
Failed to extract signature
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
initrd/bin/qubes-update
View File

@ -70,7 +70,12 @@ sha256sum \
| tee "$BOOT_HASHES" | tee "$BOOT_HASHES"
for tries in 1 2 3; do for tries in 1 2 3; do
if gpg --detach-sign -a "$BOOT_HASHES"; then if gpg \
--digest-algo SHA256 \
--detach-sign \
-a \
"$BOOT_HASHES" \
; then
mount -o ro,remount /boot mount -o ro,remount /boot
exit 0 exit 0
fi fi