artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d2aeeac) | patch
Verify but don't overwrite SHA256.sig in fw_update(8)
authorafresh1 <afresh1@openbsd.org>
Sat, 14 Oct 2023 18:10:47 +0000 (18:10 +0000)
committerafresh1 <afresh1@openbsd.org>
Sat, 14 Oct 2023 18:10:47 +0000 (18:10 +0000)
commit9763f4097f9661c2a7b71e3992059ad2b2619bd7
treefafd4f25f98623b56de6ed6634be055e4b9d0881tree | snapshot
parentd2aeeac5db3867d9f823a3775ac0b484e021cfa9commit | diff
Verify but don't overwrite SHA256.sig in fw_update(8)

Signify is happy to overwite the file with the signature stripped off.
However, if we do that, when downloading firmware we lose the ability
to check the signature before verifying checksums on the downloaded files.

Noticed by Thomas <exnihilo () fastmail ! org>
Right deraadt@
usr.sbin/fw_update/fw_update.sh diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim