[arch-releng] [PATCH] [configs/releng] Add sha256sums for TianoCore efi downloads
Daniel Edgecumbe
git at esotericnonsense.com
Thu Sep 5 03:16:34 UTC 2019
We should be integrity checking these downloads.
This will also aid in future reproducibility efforts as the build will bomb
out early in case of failure.
Signed-off-by: Daniel Edgecumbe <git at esotericnonsense.com>
---
configs/releng/build.sh | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/configs/releng/build.sh b/configs/releng/build.sh
index 659e8de..857e01d 100755
--- a/configs/releng/build.sh
+++ b/configs/releng/build.sh
@@ -168,9 +168,14 @@ make_efi() {
${script_path}/efiboot/loader/entries/archiso-x86_64-usb.conf > ${work_dir}/iso/loader/entries/archiso-x86_64.conf
# EFI Shell 2.0 for UEFI 2.3+
- curl -o ${work_dir}/iso/EFI/shellx64_v2.efi https://raw.githubusercontent.com/tianocore/edk2/UDK2018/ShellBinPkg/UefiShell/X64/Shell.efi
+ echo "Downloading shellx64_v2.efi..."
+ curl -sSo ${work_dir}/iso/EFI/shellx64_v2.efi https://raw.githubusercontent.com/tianocore/edk2/UDK2018/ShellBinPkg/UefiShell/X64/Shell.efi
+ echo "04c89f19efee2a22660fd4650ff9add88e962d102b1b713e535f4e32a07c5185 ${work_dir}/iso/EFI/shellx64_v2.efi" | sha256sum -c > /dev/null
+
# EFI Shell 1.0 for non UEFI 2.3+
- curl -o ${work_dir}/iso/EFI/shellx64_v1.efi https://raw.githubusercontent.com/tianocore/edk2/UDK2018/EdkShellBinPkg/FullShell/X64/Shell_Full.efi
+ echo "Downloading shellx64_v1.efi..."
+ curl -sSo ${work_dir}/iso/EFI/shellx64_v1.efi https://raw.githubusercontent.com/tianocore/edk2/UDK2018/EdkShellBinPkg/FullShell/X64/Shell_Full.efi
+ echo "ea5e763a8a5f9733dbf7c33ffa16a19e078c6af635b51d8457bc377a22106a8c ${work_dir}/iso/EFI/shellx64_v1.efi" | sha256sum -c > /dev/null
}
# Prepare efiboot.img::/EFI for "El Torito" EFI boot mode
--
2.23.0
More information about the arch-releng
mailing list