It looks like the util/crossgcc/buildgcc script disables HTTPS cert
checks and doesn't have a way to verify the signatures or hashes of the
files that it receives.
download_showing_percentage() {
url=$1
printf " ..${red} 0%%"
wget --no-check-certificate $url 2>&1 | while read line; do
printf "${red}"
echo $line | grep -o "[0-9]\+%" | awk '{printf("\b\b\b\b%4s",
$1)}'
printf "${NC}"
done
}
I'm worried that this introduces a minor, but potential security
issue for the build process.
--
Trammell
--
coreboot mailing list: coreboot@coreboot.org
https://www.coreboot.org/mailman/listinfo/coreboot
