[4/4] package/ca-certificates: add tarball's hashes

Message ID	00582a8025a651a3aefbf46849f1dd36fd1cb940.1404416102.git.yann.morin.1998@free.fr
State	Accepted
Headers	show Return-Path: <buildroot-bounces@busybox.net> From: "Yann E. MORIN" <yann.morin.1998@free.fr> To: buildroot@buildroot.org Date: Thu, 3 Jul 2014 21:36:23 +0200 Message-Id: <00582a8025a651a3aefbf46849f1dd36fd1cb940.1404416102.git.yann.morin.1998@free.fr> In-Reply-To: <cover.1404416102.git.yann.morin.1998@free.fr> References: <cover.1404416102.git.yann.morin.1998@free.fr> Cc: "Yann E. MORIN" <yann.morin.1998@free.fr> Subject: [Buildroot] [PATCH 4/4] package/ca-certificates: add tarball's hashes Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@busybox.net Sender: buildroot-bounces@busybox.net

Message ID

00582a8025a651a3aefbf46849f1dd36fd1cb940.1404416102.git.yann.morin.1998@free.fr

State

Accepted

Headers

From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: buildroot@buildroot.org
Date: Thu,  3 Jul 2014 21:36:23 +0200
Message-Id: <00582a8025a651a3aefbf46849f1dd36fd1cb940.1404416102.git.yann.morin.1998@free.fr>
In-Reply-To: <cover.1404416102.git.yann.morin.1998@free.fr>
References: <cover.1404416102.git.yann.morin.1998@free.fr>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Subject: [Buildroot] [PATCH 4/4] package/ca-certificates: add tarball's
	hashes
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@busybox.net
Sender: buildroot-bounces@busybox.net

Commit Message

Yann E. MORIN July 3, 2014, 7:36 p.m. UTC

ca-certificates contains sensitive security-related information,
and we want to ensure the archive that we download has not been
compromised.

Add the sha1 and sha256 hashes from Debian's packaging.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Martin Bark <martin@barkynet.com>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>

---
Changes v4 -> v5:
  - update hashes since we've bumped the version
---
 package/ca-certificates/ca-certificates.hash | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 package/ca-certificates/ca-certificates.hash

Comments

Peter Korsgaard July 4, 2014, 9:50 p.m. UTC | #1

>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:

 > ca-certificates contains sensitive security-related information,
 > and we want to ensure the archive that we download has not been
 > compromised.

 > Add the sha1 and sha256 hashes from Debian's packaging.

 > Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
 > Cc: Martin Bark <martin@barkynet.com>
 > Reviewed-by: Samuel Martin <s.martin49@gmail.com>

Committed, thanks.

diff --git a/package/ca-certificates/ca-certificates.hash b/package/ca-certificates/ca-certificates.hash
new file mode 100644
index 0000000..bcd0723
--- /dev/null
+++ b/package/ca-certificates/ca-certificates.hash
@@ -0,0 +1,3 @@ 
+# hashes from: $(CA_CERTIFICATES_SITE)/ca-certificates_$(CA_CERTIFICATES_VERSION).dsc :
+sha1   ad57a45f0422fafd78a2e8191e5204f2306cc91b                         ca-certificates_20140223.tar.xz
+sha256 815b7cd97200b0d76450bb3e7d9b65997ac494ab6467b17369f65b2ef94bcb0c ca-certificates_20140223.tar.xz

[4/4] package/ca-certificates: add tarball's hashes

Commit Message

Comments

Patch