depends: switch to secure download of all dependencies

Some dependency sources were downloaded via http, even though https (SSL/TLS) options are available. Even if we potentially check the integrity of the downloaded files via hash comparison, we should make use of this additional security layer. Zcash: native_cctools.mk
2019-05-19 19:58:29 +00:00 · 2019-05-19 19:58:29 +00:00 · 2e5bb0a4a2
parent 6dcba32cc4
commit 2e5bb0a4a2
2 changed files with 4 additions and 3 deletions
--- a/depends/packages.md
+++ b/depends/packages.md
@ -14,8 +14,9 @@ Each package is required to define at least these variables:
    placeholder such as 1.0 can be used.

    $(package)_download_path:
-    Location of the upstream source, without the file-name. Usually http or
-    ftp.
+    Location of the upstream source, without the file-name. Usually http, https
+    or ftp. Secure transmission options like https should be preferred if
+    available.

    $(package)_file_name:
    The upstream source filename available at the download path.
--- a/depends/packages/native_cctools.mk
+++ b/depends/packages/native_cctools.mk
@ -5,7 +5,7 @@ $(package)_file_name=$($(package)_version).tar.gz
 $(package)_sha256_hash=a09c9ba4684670a0375e42d9d67e7f12c1f62581a27f28f7c825d6d7032ccc6a
 $(package)_build_subdir=cctools
 $(package)_clang_version=3.7.1
-$(package)_clang_download_path=http://llvm.org/releases/$($(package)_clang_version)
+$(package)_clang_download_path=https://llvm.org/releases/$($(package)_clang_version)
 $(package)_clang_download_file=clang+llvm-$($(package)_clang_version)-x86_64-linux-gnu-ubuntu-14.04.tar.xz
 $(package)_clang_file_name=clang-llvm-$($(package)_clang_version)-x86_64-linux-gnu-ubuntu-14.04.tar.xz
 $(package)_clang_sha256_hash=99b28a6b48e793705228a390471991386daa33a9717cd9ca007fcdde69608fd9