feat: add checksums verification to Gradle

Open validcube opened this issue 3 years ago • 2 comments

🔧 Add checksums check to Gradle

Allows for verification for the downloaded binary using SHA-256 hash comparison. This increases security against targeted attacks by preventing a man-in-the-middle attacker from tampering with the downloaded Gradle and in rare case, attacker gets access to the Gradle servers.

add distributionSha256Sum to Gradle properties

Note

The checksum is provided here - https://gradle.org/release-checksums/

Resource

Gradle documentation - Configuring SHA-256 checksum verification

Apr 24 '23 11:04 validcube

I love git

Apr 29 '23 15:04 validcube

while we are here, should we add sha256 checksums to revanced manager's release?

Apr 29 '23 16:04 SodaWithoutSparkles