mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-08-02 22:30:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Meta: Use SHA-256 verification for downloaded CA certificate files

Browse source
This commit is contained in:
Timothy Flynn 2024-05-23 12:19:12 -04:00 committed by Tim Flynn
commit 398c99e981
Notes: sideshowbarker 2024-07-17 08:59:18 +09:00
2 changed files with 8 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Meta/CMake/ca_certificates_data.cmake
View file

@ -1,8 +1,9 @@
include(${CMAKE_CURRENT_LIST_DIR}/utils.cmake) include(${CMAKE_CURRENT_LIST_DIR}/utils.cmake)
set(CACERT_PATH "${SERENITY_CACHE_DIR}/CACERT" CACHE PATH "Download location for cacert.pem") set(CACERT_VERSION "2023-12-12")
set(CACERT_SHA256 "ccbdfc2fe1a0d7bbbb9cc15710271acf1bb1afe4c8f1725fe95c4c7733fcbe5a")
set(CACERT_VERSION 2023-12-12) set(CACERT_PATH "${SERENITY_CACHE_DIR}/CACERT" CACHE PATH "Download location for cacert.pem")
set(CACERT_VERSION_FILE "${CACERT_PATH}/version.txt") set(CACERT_VERSION_FILE "${CACERT_PATH}/version.txt")
set(CACERT_FILE cacert-${CACERT_VERSION}.pem) set(CACERT_FILE cacert-${CACERT_VERSION}.pem)
@ -12,7 +13,7 @@ set(CACERT_INSTALL_FILE cacert.pem)
if (ENABLE_CACERT_DOWNLOAD) if (ENABLE_CACERT_DOWNLOAD)
remove_path_if_version_changed("${CACERT_VERSION}" "${CACERT_VERSION_FILE}" "${CACERT_PATH}") remove_path_if_version_changed("${CACERT_VERSION}" "${CACERT_VERSION_FILE}" "${CACERT_PATH}")
download_file("${CACERT_URL}" "${CACERT_PATH}/${CACERT_FILE}") download_file("${CACERT_URL}" "${CACERT_PATH}/${CACERT_FILE}" SHA256 "${CACERT_SHA256}")
if (NOT "${CMAKE_STAGING_PREFIX}" STREQUAL "") if (NOT "${CMAKE_STAGING_PREFIX}" STREQUAL "")
set(CACERT_INSTALL_PATH ${CMAKE_STAGING_PREFIX}/etc/${CACERT_INSTALL_FILE}) set(CACERT_INSTALL_PATH ${CMAKE_STAGING_PREFIX}/etc/${CACERT_INSTALL_FILE})

5
Meta/gn/secondary/Userland/Libraries/LibTLS/BUILD.gn
View file

@ -9,12 +9,15 @@ declare_args() {
cacert_cache = cache_path + "CACERT/" cacert_cache = cache_path + "CACERT/"
cacert_version = "2023-12-12"
if (enable_cacert_download) { if (enable_cacert_download) {
download_file("ca_certificates_download") { download_file("ca_certificates_download") {
version = "2023-12-12" version = cacert_version
url = "https://curl.se/ca/cacert-$version.pem" url = "https://curl.se/ca/cacert-$version.pem"
output = "$root_build_dir/cacert.pem" output = "$root_build_dir/cacert.pem"
version_file = cacert_cache + "version.txt" version_file = cacert_cache + "version.txt"
sha256 = "ccbdfc2fe1a0d7bbbb9cc15710271acf1bb1afe4c8f1725fe95c4c7733fcbe5a"
} }
# FIXME: Copy file to /etc/cacert.pem on serenity # FIXME: Copy file to /etc/cacert.pem on serenity
} }