On 9/4/19 11:16 PM, Daniel Edgecumbe wrote: > We should be integrity checking these downloads. > > This will also aid in future reproducibility efforts as the build will bomb > out early in case of failure. > > Signed-off-by: Daniel Edgecumbe <[email protected]> > --- > configs/releng/build.sh | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/configs/releng/build.sh b/configs/releng/build.sh > index 659e8de..857e01d 100755 > --- a/configs/releng/build.sh > +++ b/configs/releng/build.sh > @@ -168,9 +168,14 @@ make_efi() { > ${script_path}/efiboot/loader/entries/archiso-x86_64-usb.conf > > ${work_dir}/iso/loader/entries/archiso-x86_64.conf > > # EFI Shell 2.0 for UEFI 2.3+ > - curl -o ${work_dir}/iso/EFI/shellx64_v2.efi > https://raw.githubusercontent.com/tianocore/edk2/UDK2018/ShellBinPkg/UefiShell/X64/Shell.efi > + echo "Downloading shellx64_v2.efi..." > + curl -sSo ${work_dir}/iso/EFI/shellx64_v2.efi > https://raw.githubusercontent.com/tianocore/edk2/UDK2018/ShellBinPkg/UefiShell/X64/Shell.efi > + echo "04c89f19efee2a22660fd4650ff9add88e962d102b1b713e535f4e32a07c5185 > ${work_dir}/iso/EFI/shellx64_v2.efi" | sha256sum -c > /dev/null > + > # EFI Shell 1.0 for non UEFI 2.3+ > - curl -o ${work_dir}/iso/EFI/shellx64_v1.efi > https://raw.githubusercontent.com/tianocore/edk2/UDK2018/EdkShellBinPkg/FullShell/X64/Shell_Full.efi > + echo "Downloading shellx64_v1.efi..." > + curl -sSo ${work_dir}/iso/EFI/shellx64_v1.efi > https://raw.githubusercontent.com/tianocore/edk2/UDK2018/EdkShellBinPkg/FullShell/X64/Shell_Full.efi > + echo "ea5e763a8a5f9733dbf7c33ffa16a19e078c6af635b51d8457bc377a22106a8c > ${work_dir}/iso/EFI/shellx64_v1.efi" | sha256sum -c > /dev/null > } > > # Prepare efiboot.img::/EFI for "El Torito" EFI boot mode
+1, this seems a lot more reasonable. Although I wonder if maybe it would make sense to build it from source ourselves, possibly as a pacman package. -- Eli Schwartz Bug Wrangler and Trusted User
signature.asc
Description: OpenPGP digital signature
