depends: switch to secure download of all dependencies
Some dependency sources were downloaded via http, even though https (SSL/TLS) options are available. Even if we potentially check the integrity of the downloaded files via hash comparison, we should make use of this additional security layer. Zcash: native_cctools.mk
This commit is contained in:
parent
6dcba32cc4
commit
2e5bb0a4a2
|
@ -14,8 +14,9 @@ Each package is required to define at least these variables:
|
|||
placeholder such as 1.0 can be used.
|
||||
|
||||
$(package)_download_path:
|
||||
Location of the upstream source, without the file-name. Usually http or
|
||||
ftp.
|
||||
Location of the upstream source, without the file-name. Usually http, https
|
||||
or ftp. Secure transmission options like https should be preferred if
|
||||
available.
|
||||
|
||||
$(package)_file_name:
|
||||
The upstream source filename available at the download path.
|
||||
|
|
|
@ -5,7 +5,7 @@ $(package)_file_name=$($(package)_version).tar.gz
|
|||
$(package)_sha256_hash=a09c9ba4684670a0375e42d9d67e7f12c1f62581a27f28f7c825d6d7032ccc6a
|
||||
$(package)_build_subdir=cctools
|
||||
$(package)_clang_version=3.7.1
|
||||
$(package)_clang_download_path=http://llvm.org/releases/$($(package)_clang_version)
|
||||
$(package)_clang_download_path=https://llvm.org/releases/$($(package)_clang_version)
|
||||
$(package)_clang_download_file=clang+llvm-$($(package)_clang_version)-x86_64-linux-gnu-ubuntu-14.04.tar.xz
|
||||
$(package)_clang_file_name=clang-llvm-$($(package)_clang_version)-x86_64-linux-gnu-ubuntu-14.04.tar.xz
|
||||
$(package)_clang_sha256_hash=99b28a6b48e793705228a390471991386daa33a9717cd9ca007fcdde69608fd9
|
||||
|
|
Loading…
Reference in New Issue