[LEDE-DEV] [PATCH] scripts/download.pl: fail loudly if provided hash is unsupported
Stijn Tintel
stijn at linux-ipv6.be
Sun Sep 24 13:44:04 PDT 2017
On 03-09-17 15:01, Baptiste Jonglez wrote:
> From: Baptiste Jonglez <git at bitsofnetworks.org>
>
> Currently, if the provided hash is unsupported (length different from 32
> or 64 bytes), we happily download the requested file without any kind of
> checksum verification.
>
> This is quite dangerous and may provide a false sense of security, because
> a single typo in the hash (e.g. one character deleted by mistake) may skip
> checksum verification entirely.
>
> Instead, fail immediately if we don't support the provided hash.
> In particular, if an external package repository decides to change the
> hash algorithm one day, we will now fail loudly instead of skipping
> checksum verification without complaints.
>
> Note: if some users of scripts/download.pl knowingly provide an empty hash
> because they don't need checksum verification, this change will break
> them. This does not seem to be the case currently, but if this feature is
> ever needed, an option should be added to download.pl instead of relying
> on the hash being empty.
Unfortunately this change breaks the make/foo/download feature, and
because of this also the script we use to update kernel versions and
refresh patches for all targets. This has been discussed in #lede-dev a
few times, but we never agreed on a solution. Today, this is biting me
once again, and therefore I suggest to revert this change until we can
agree on a solution that is both secure and doesn't break something some
of use rather frequently.
Stijn
More information about the Lede-dev
mailing list