Openwrt/scripts
Baptiste Jonglez b30ba14e2a scripts/download.pl: fail loudly if provided hash is unsupported
Currently, if the provided hash is unsupported (length different from 32
or 64 bytes), we happily download the requested file without any kind of
checksum verification.

This is quite dangerous and may provide a false sense of security, because
a single typo in the hash (e.g. one character deleted by mistake) may skip
checksum verification entirely.

Instead, fail immediately if we don't support the provided hash.
In particular, if an external package repository decides to change the
hash algorithm one day, we will now fail loudly instead of skipping
checksum verification without complaints.

Note: if some users of scripts/download.pl knowingly provide an empty hash
because they don't need checksum verification, this change will break
them.  This does not seem to be the case currently, but if this feature is
ever needed, an option should be added to download.pl instead of relying
on the hash being empty.

Fixes: eaa4eba10a ("scripts/download.pl: add SHA-256 support")

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2017-09-11 17:13:02 +02:00
..
config
flashing
arm-magic.sh
brcmImage.pl
bundle-libraries.sh build: bundle-libraries.sh: do not override argv[0] in inner exec calls 2017-07-24 13:39:21 +02:00
checkpatch.pl
clang-gcc-wrapper
clean-package.sh
cleanfile
cleanpatch
combined-ext-image.sh
combined-image.sh scripts: make all scripts executable 2017-07-14 04:09:16 +02:00
config.guess
config.rpath
config.sub
deptest.sh
diffconfig.sh
dl_cleanup.py
download.pl scripts/download.pl: fail loudly if provided hash is unsupported 2017-09-11 17:13:02 +02:00
env
ext-toolchain.sh
feeds
fixup-makefile.pl
gen_image_generic.sh scripts/gen_image_generic.sh: drop NOGRUB variable 2017-07-14 04:09:16 +02:00
gen-dependencies.sh
get_source_date_epoch.sh
getver.sh
ipkg-build
ipkg-make-index.sh
kconfig.pl
make-ipkg-dir.sh
md5sum
metadata.pm scripts/package-metadata.pl: parse and validate field Require-User 2017-06-18 10:39:35 +08:00
mkhash.c
mkits.sh
om-fwupgradecfg-gen.sh scripts: make all scripts executable 2017-07-14 04:09:16 +02:00
package-metadata.pl scripts/package-metadata.pl: inhibit compile deps on missing build types 2017-07-27 00:37:05 +02:00
pad_image
patch-kernel.sh
patch-specs.sh
portable_date.sh
qemustart
redboot-script.pl
relink-lib.sh
remote-gdb
rstrip.sh
slugimage.pl
srecimage.pl
strip-kmod.sh
symlink-tree.sh
sysupgrade-tar.sh
target-metadata.pl
timestamp.pl
ubinize-image.sh