From 120bc32b81e6ebc1991ca85a8631a3167bbd2a4b Mon Sep 17 00:00:00 2001
From: Alejandro Cabeza Romero
Date: Thu, 7 May 2026 13:12:45 +0200
Subject: [PATCH] Update checksum comment.
---
 rust/logos-blockchain-circuits-poc-sys/build.rs | 4 +++-
 rust/logos-blockchain-circuits-pol-sys/build.rs | 4 +++-
 rust/logos-blockchain-circuits-poq-sys/build.rs | 4 +++-
 rust/logos-blockchain-circuits-signature-sys/build.rs | 4 +++-
 4 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/rust/logos-blockchain-circuits-poc-sys/build.rs b/rust/logos-blockchain-circuits-poc-sys/build.rs
index 1401e8e..89f319d 100644
--- a/rust/logos-blockchain-circuits-poc-sys/build.rs
+++ b/rust/logos-blockchain-circuits-poc-sys/build.rs
@@ -19,7 +19,9 @@ fn get_artifact_url(version: &str, os: &str, arch: &str) -> String {
 fn fetch_library(version: &str, os: &str, arch: &str) -> Response {
 let url = get_artifact_url(version, os, arch);
- // TODO: Verify checksum.
+ // We skip checksum verification intentionally. Hardcoded hashes would protect against a
+ // silently replaced release asset, but require a two-step release (build → hash → commit →
+ // tag) which we consider too costly for now.
 ureq::get(&url).call().unwrap_or_else(|error| {
 panic!(
 "Failed to download a prebuilt library for {os}-{arch} v{version}: {error}. \
diff --git a/rust/logos-blockchain-circuits-pol-sys/build.rs b/rust/logos-blockchain-circuits-pol-sys/build.rs
index a658ef8..9d0735e 100644
--- a/rust/logos-blockchain-circuits-pol-sys/build.rs
+++ b/rust/logos-blockchain-circuits-pol-sys/build.rs
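Review bot: The new comment in `fetch_library` turns the open `TODO` into an accepted risk without saying what the build still trusts: as far as this hunk shows, the prebuilt library returned by `ureq::get(&url)` is accepted on the strength of the transport and the release host alone (the URL, including its scheme, is built in `get_artifact_url`, outside the hunk). I would add one line that states this and points at a tracked decision, e.g. `// Integrity rests on the transport and the release host only; tracked in <ISSUE-LINK placeholder>.`, so the gap stays visible to whoever audits the build. The identical text lands in the pol-sys, poq-sys and signature-sys `build.rs` hunks; if the download code is duplicated the same way, moving it into one shared build helper would give a later verification step a single place to go. `fetch_library` continues past the end of the hunk, so what is done with the response afterwards is not visible here.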
@@ -19,7 +19,9 @@ fn get_artifact_url(version: &str, os: &str, arch: &str) -> String {
 fn fetch_library(version: &str, os: &str, arch: &str) -> Response {
 let url = get_artifact_url(version, os, arch);
- // TODO: Verify checksum.
+ // We skip checksum verification intentionally. Hardcoded hashes would protect against a
+ // silently replaced release asset, but require a two-step release (build → hash → commit →
+ // tag) which we consider too costly for now.
 ureq::get(&url).call().unwrap_or_else(|error| {
 panic!(
 "Failed to download a prebuilt library for {os}-{arch} v{version}: {error}. \
diff --git a/rust/logos-blockchain-circuits-poq-sys/build.rs b/rust/logos-blockchain-circuits-poq-sys/build.rs
index 12dbdb5..68d607d 100644
--- a/rust/logos-blockchain-circuits-poq-sys/build.rs
+++ b/rust/logos-blockchain-circuits-poq-sys/build.rs
@@ -19,7 +19,9 @@ fn get_artifact_url(version: &str, os: &str, arch: &str) -> String {
 fn fetch_library(version: &str, os: &str, arch: &str) -> Response {
 let url = get_artifact_url(version, os, arch);
- // TODO: Verify checksum.
+ // We skip checksum verification intentionally. Hardcoded hashes would protect against a
+ // silently replaced release asset, but require a two-step release (build → hash → commit →
+ // tag) which we consider too costly for now.
 ureq::get(&url).call().unwrap_or_else(|error| {
 panic!(
 "Failed to download a prebuilt library for {os}-{arch} v{version}: {error}. \
diff --git a/rust/logos-blockchain-circuits-signature-sys/build.rs b/rust/logos-blockchain-circuits-signature-sys/build.rs
index 0aa8795..05b675f 100644
--- a/rust/logos-blockchain-circuits-signature-sys/build.rs
+++ b/rust/logos-blockchain-circuits-signature-sys/build.rs
@@ -19,7 +19,9 @@ fn get_artifact_url(version: &str, os: &str, arch: &str) -> String {
 fn fetch_library(version: &str, os: &str, arch: &str) -> Response {
 let url = get_artifact_url(version, os, arch);
- // TODO: Verify checksum.
+ // We skip checksum verification intentionally. Hardcoded hashes would protect against a
+ // silently replaced release asset, but require a two-step release (build → hash → commit →
+ // tag) which we consider too costly for now.
 ureq::get(&url).call().unwrap_or_else(|error| {
 panic!(
 "Failed to download a prebuilt library for {os}-{arch} v{version}: {error}. \