[LEDE-DEV] [PATCH] scripts/download.pl: fail loudly if provided hash is unsupported

[Baptiste Jonglez]

Thanks for merging, can this be merged to lede-17.01 as well?

On 03-09-17, Baptiste Jonglez wrote:
> Currently, if the provided hash is unsupported (length different from 32
> or 64 bytes), we happily download the requested file without any kind of
> checksum verification.
> 
> This is quite dangerous and may provide a false sense of security, because
> a single typo in the hash (e.g. one character deleted by mistake) may skip
> checksum verification entirely.
> 
> Instead, fail immediately if we don't support the provided hash.
> In particular, if an external package repository decides to change the
> hash algorithm one day, we will now fail loudly instead of skipping
> checksum verification without complaints.
> 
> Note: if some users of scripts/download.pl knowingly provide an empty hash
> because they don't need checksum verification, this change will break
> them.  This does not seem to be the case currently, but if this feature is
> ever needed, an option should be added to download.pl instead of relying
> on the hash being empty.
> 
> Fixes: eaa4eba10a89 ("scripts/download.pl: add SHA-256 support")
> 
> Signed-off-by: Baptiste Jonglez <git at bitsofnetworks.org>
> ---
>  scripts/download.pl | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/scripts/download.pl b/scripts/download.pl
> index bf9fe8c761..775408934a 100755
> --- a/scripts/download.pl
> +++ b/scripts/download.pl
> @@ -88,6 +88,7 @@ sub download_cmd($) {
>  }
>  
>  my $hash_cmd = hash_cmd();
> +$hash_cmd or die "Cannot find appropriate hash command, ensure the provided hash is either a MD5 or SHA256 checksum.\n";
>  
>  sub download
>  {
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/lede-dev/attachments/20170914/4ef9b77a/attachment.sig>