From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Tue, 20 Sep 2016 17:38:03 +0000 (+0200)
Subject: add cryptographic assurances when fetching the toolchain
X-Git-Url: https://jxself.org/git/?p=open-ath9k-htc-firmware.git;a=commitdiff_plain;h=90a7b1626a3a73b3646888062b9dbccc3c9d1530;hp=90a7b1626a3a73b3646888062b9dbccc3c9d1530

add cryptographic assurances when fetching the toolchain

Previously, anyone tampering with the network could have modified the
toolchain source code in transit and the build would have proceeded as
expected.

With this patch, we can ensure that we're getting the expected
tarballs from upstream.

If the required toolchain packages change in the future, the sha256
digests of the new packages should be updated in Makefile as well.

Updated-by: Oleksij Rempel <linux@rempel-privat.de>
---