On 03-09-17 15:01, Baptiste Jonglez wrote:
> From: Baptiste Jonglez <g...@bitsofnetworks.org>
>
> Currently, if the provided hash is unsupported (length different from 32
> or 64 bytes), we happily download the requested file without any kind of
> checksum verification.
>
> This is quite dangerous and may provide a false sense of security, because
> a single typo in the hash (e.g. one character deleted by mistake) may skip
> checksum verification entirely.
>
> Instead, fail immediately if we don't support the provided hash.
> In particular, if an external package repository decides to change the
> hash algorithm one day, we will now fail loudly instead of skipping
> checksum verification without complaints.
>
> Note: if some users of scripts/download.pl knowingly provide an empty hash
> because they don't need checksum verification, this change will break
> them. This does not seem to be the case currently, but if this feature is
> ever needed, an option should be added to download.pl instead of relying
> on the hash being empty.

Unfortunately this change breaks the make/foo/download feature, and because
of this also the script we use to update kernel versions and refresh patches
for all targets.

This has been discussed in #lede-dev a few times, but we never agreed on a
solution.

Today, this is biting me once again, and therefore I suggest to revert this
change until we can agree on a solution that is both secure and doesn't break
something some of us use rather frequently.

Stijn
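
An added illustration of the fail-closed check the quoted commit message describes, together with the explicit opt-out it suggests in place of an empty hash. This is a Python sketch, not code from scripts/download.pl or the LEDE project; the function names, the `allow_unverified` parameter, the sample data, and the mapping of 32 hex characters to MD5 and 64 to SHA-256 are assumptions.

```python
import hashlib
import hmac

# Assumption: hex-digest length selects the algorithm (32 = MD5, 64 = SHA-256).
ALGO_BY_HEX_LEN = {32: "md5", 64: "sha256"}

class UnsupportedHash(ValueError):
    """The expected hash cannot be mapped to a supported algorithm."""

class HashMismatch(ValueError):
    """The downloaded data does not match the expected hash."""

def legacy_pick_algorithm(expected):
    """Behaviour described as 'currently': unknown length means no check at all."""
    return ALGO_BY_HEX_LEN.get(len(expected))

def pick_algorithm(expected, allow_unverified=False):
    """Return an algorithm name, or None only when the caller opted out explicitly."""
    if allow_unverified:
        return None
    expected = expected.strip().lower()
    algo = ALGO_BY_HEX_LEN.get(len(expected))
    if algo is None or set(expected) - set("0123456789abcdef"):
        raise UnsupportedHash(f"unsupported hash (length {len(expected)})")
    return algo

def verify(data, expected, allow_unverified=False):
    """Return 'verified' or 'unverified'; raise rather than skip silently."""
    algo = pick_algorithm(expected, allow_unverified)
    if algo is None:
        return "unverified"
    actual = hashlib.new(algo, data).hexdigest()
    if not hmac.compare_digest(actual, expected.strip().lower()):
        raise HashMismatch(f"{algo} mismatch")
    return "verified"

# Constructed sample input, not a real package or a real hash from the tree.
SAMPLE = b"constructed tarball bytes"
GOOD = hashlib.sha256(SAMPLE).hexdigest()
TYPO = GOOD[:-1]  # one character deleted by mistake

if __name__ == "__main__":
    print("legacy choice for typo:", legacy_pick_algorithm(TYPO))
    print("good hash:", verify(SAMPLE, GOOD))
    try:
        verify(SAMPLE, TYPO)
    except UnsupportedHash as exc:
        print("typo refused:", exc)
    print("explicit opt-out:", verify(SAMPLE, "", allow_unverified=True))
```

An empty or mistyped hash raises `UnsupportedHash`, while a caller that genuinely needs no verification has to say so through the opt-out and gets a distinct `"unverified"` result it can log.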