On 9/4/19 11:16 PM, Daniel Edgecumbe wrote:
We should be integrity checking these downloads.
This will also aid in future reproducibility efforts as the build will bomb out early in case of failure.
Signed-off-by: Daniel Edgecumbe <git@esotericnonsense.com> --- configs/releng/build.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/configs/releng/build.sh b/configs/releng/build.sh index 659e8de..857e01d 100755 --- a/configs/releng/build.sh +++ b/configs/releng/build.sh @@ -168,9 +168,14 @@ make_efi() { ${script_path}/efiboot/loader/entries/archiso-x86_64-usb.conf > ${work_dir}/iso/loader/entries/archiso-x86_64.conf
# EFI Shell 2.0 for UEFI 2.3+ - curl -o ${work_dir}/iso/EFI/shellx64_v2.efi https://raw.githubusercontent.com/tianocore/edk2/UDK2018/ShellBinPkg/UefiShe... + echo "Downloading shellx64_v2.efi..." + curl -sSo ${work_dir}/iso/EFI/shellx64_v2.efi https://raw.githubusercontent.com/tianocore/edk2/UDK2018/ShellBinPkg/UefiShe... + echo "04c89f19efee2a22660fd4650ff9add88e962d102b1b713e535f4e32a07c5185 ${work_dir}/iso/EFI/shellx64_v2.efi" | sha256sum -c > /dev/null + # EFI Shell 1.0 for non UEFI 2.3+ - curl -o ${work_dir}/iso/EFI/shellx64_v1.efi https://raw.githubusercontent.com/tianocore/edk2/UDK2018/EdkShellBinPkg/Full... + echo "Downloading shellx64_v1.efi..." + curl -sSo ${work_dir}/iso/EFI/shellx64_v1.efi https://raw.githubusercontent.com/tianocore/edk2/UDK2018/EdkShellBinPkg/Full... + echo "ea5e763a8a5f9733dbf7c33ffa16a19e078c6af635b51d8457bc377a22106a8c ${work_dir}/iso/EFI/shellx64_v1.efi" | sha256sum -c > /dev/null }
# Prepare efiboot.img::/EFI for "El Torito" EFI boot mode
+1, this seems a lot more reasonable. Although I wonder if maybe it would make sense to build it from source ourselves, possibly as a pacman package. -- Eli Schwartz Bug Wrangler and Trusted User