pkg/build: switch to sha256

SHA-1 is insecure. See a representative summary of known attacks here: https://en.wikipedia.org/wiki/Hash_function_security_summary Some external build systems warn about sha1 uses and reject to build. Whitelisting is pain. Switch to sha256.
author: Dmitry Vyukov <dvyukov@google.com> 2020-01-23 16:11:47 +0100
committer: Dmitry Vyukov <dvyukov@google.com> 2020-01-23 16:11:47 +0100
commit: 2e95ab335759ed7e1c246c2057c84d813a2c29e1 (patch)
tree: afe43c5c8155ff1cae88b2c1e992ad1692632ad3 /pkg
parent: 11ebf937fc501c384b5cf3909da95bf49cd56e81 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/pkg/build/linux.go b/pkg/build/linux.go
index 1335dce8c..a5f74db49 100644
--- a/pkg/build/linux.go
+++ b/pkg/build/linux.go
@@ -10,7 +10,7 @@
 package build
 
 import (
-	"crypto/sha1"
+	"crypto/sha256"
 	"debug/elf"
 	"encoding/hex"
 	"fmt"
@@ -164,7 +164,7 @@ func elfBinarySignature(bin string) (string, error) {
 	if err != nil {
 		return "", fmt.Errorf("failed to open elf binary: %v", err)
 	}
-	hasher := sha1.New()
+	hasher := sha256.New()
 	for _, sec := range ef.Sections {
 		// Hash allocated sections (e.g. no debug info as it's not allocated)
 		// with file data (e.g. no bss). We also ignore .notes section as it
author	Dmitry Vyukov <dvyukov@google.com>	2020-01-23 16:11:47 +0100
committer	Dmitry Vyukov <dvyukov@google.com>	2020-01-23 16:11:47 +0100
commit	2e95ab335759ed7e1c246c2057c84d813a2c29e1 (patch)
tree	afe43c5c8155ff1cae88b2c1e992ad1692632ad3 /pkg
parent	11ebf937fc501c384b5cf3909da95bf49cd56e81 (diff)