ca-certificates contains sensitive security-related information,
and we want to ensure the archive that we download has not been
compromised.
Add the sha1 and sha256 hashes from Debian's packaging.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Martin Bark <martin@barkynet.com>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
--- /dev/null
+# hashes from: $(CA_CERTIFICATES_SITE)/ca-certificates_$(CA_CERTIFICATES_VERSION).dsc :
+sha1 ad57a45f0422fafd78a2e8191e5204f2306cc91b ca-certificates_20140223.tar.xz
+sha256 815b7cd97200b0d76450bb3e7d9b65997ac494ab6467b17369f65b2ef94bcb0c ca-certificates_20140223.tar.xz
projects / buildroot.git / commitdiff