From 82897d672e711fbef13719ec52d263d889bb98f4 Mon Sep 17 00:00:00 2001
From: Emery Hemingway <ehmry@posteo.net>
Date: Mon, 7 May 2018 16:53:06 +0200
Subject: [PATCH] Remove SHA1 verification for port downloads

Revert support for both SHA1 and SHA256 verification and support SHA256
only.

Ref #2767
---
 tool/ports/mk/install.mk | 19 ++++---------------
 1 file changed, 4 insertions(+), 15 deletions(-)

diff --git a/tool/ports/mk/install.mk b/tool/ports/mk/install.mk
index 255c9e5c8..9b4808ae5 100644
--- a/tool/ports/mk/install.mk
+++ b/tool/ports/mk/install.mk
@@ -195,19 +195,6 @@ _svn_dir = $(call _assert,$(DIR($1)),Missing declaration of DIR($*))
 
 _file_name = $(call _prefer,$(NAME($1)),$(notdir $(URL($1))))
 
-_verify_sha256 = \
-	($(ECHO) "$(SHA($1))  $(call _file_name,$1)" \
-		| sha256sum -c > /dev/null 2> /dev/null)
-
-# Generate shell code for verifying a file
-ifeq ($(CHECK_HASH),no)
-_verify_sha1 = ($(ECHO) CHECK_HASH=no enables only SHA256 checksums; false)
-else
-_verify_sha1 = \
-	($(ECHO) "$(SHA($1))  $(call _file_name,$1)" \
-		| sha1sum -c > /dev/null 2> /dev/null)
-endif
-
 # Some downloads are available via HTTPS only, but wget < 3.14 does not support
 # server-name identification, which is used by some sites. So, we disable
 # certificate checking in wget and check the validity of the download via SIG
@@ -221,8 +208,10 @@ endif
 		(test -f $$name || $(MSG_DOWNLOAD)$(URL($*))); \
 		(test -f $$name || wget --quiet --no-check-certificate $(URL($*)) -O $$name) || \
 			($(ECHO) Error: Download for $* failed; false)
-	$(VERBOSE) $(call _verify_sha256,$*) || $(call _verify_sha1,$*) \
-		|| ($(ECHO) Error: Hash sum check for $* failed; false)
+	$(VERBOSE)\
+		($(ECHO) "$(SHA($*))  $(call _file_name,$*)" |\
+		sha256sum -c > /dev/null 2> /dev/null) || \
+			($(ECHO) Error: Hash sum check for $* failed; false)
 
 
 ##