From 2e95ab335759ed7e1c246c2057c84d813a2c29e1 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Thu, 23 Jan 2020 16:11:47 +0100
Subject: pkg/build: switch to sha256

SHA-1 is insecure. See a representative summary of known attacks here: https://en.wikipedia.org/wiki/Hash_function_security_summary Some external build systems warn about sha1 uses and reject to build. Whitelisting is pain. Switch to sha256.
---
 pkg/build/linux.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'pkg')
diff --git a/pkg/build/linux.go b/pkg/build/linux.go
index 1335dce8c..a5f74db49 100644
--- a/pkg/build/linux.go
+++ b/pkg/build/linux.go
@@ -10,7 +10,7 @@
 package build
 
 import (
- "crypto/sha1"
+ "crypto/sha256"
 "debug/elf"
 "encoding/hex"
 "fmt"
@@ -164,7 +164,7 @@ func elfBinarySignature(bin string) (string, error) {
 if err != nil {
 return "", fmt.Errorf("failed to open elf binary: %v", err)
 }
- hasher := sha1.New()
+ hasher := sha256.New()
 for _, sec := range ef.Sections {
 // Hash allocated sections (e.g. no debug info as it's not allocated)
 // with file data (e.g. no bss). We also ignore .notes section as it
-- 
cgit mrf-deployment
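Review bot: Swapping `hasher` to `sha256.New()` in the second hunk changes the value elfBinarySignature returns, presumably from 40 to 64 hex characters given the `encoding/hex` import, so a signature computed by a pre-commit build will never compare equal to one computed afterwards. If any caller persists or caches these signatures, the first run after upgrade would see every kernel as changed; that is likely harmless but should be stated rather than discovered. I would record it in the function's doc comment, for example `// The signature is a hex-encoded SHA-256 of the hashed sections; values produced by older SHA-1 builds do not compare equal.` The function starts and ends outside the hunk, so how the digest is finalised and who consumes it is not visible here.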