From f84cd5f8aad7d8029379510ee5aabef0d237b6dc Mon Sep 17 00:00:00 2001
From: adisbladis <adisbladis@gmail.com>
Date: Tue, 14 Jul 2020 20:26:15 +0200
Subject: [PATCH] firefox-bin: Switch to sha256 sums in update scripts

There is no extra security properties provided by sha512, they are
just bigger.
---
 .../networking/browsers/firefox-bin/default.nix             | 2 +-
 .../applications/networking/browsers/firefox-bin/update.nix | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkgs/applications/networking/browsers/firefox-bin/default.nix b/pkgs/applications/networking/browsers/firefox-bin/default.nix
index 8f060128561..6f5b18bd56c 100644
--- a/pkgs/applications/networking/browsers/firefox-bin/default.nix
+++ b/pkgs/applications/networking/browsers/firefox-bin/default.nix
@@ -85,7 +85,7 @@ in
 stdenv.mkDerivation {
   inherit name;
 
-  src = fetchurl { inherit (source) url sha512; };
+  src = fetchurl { inherit (source) url sha256; };
 
   phases = [ "unpackPhase" "patchPhase" "installPhase" "fixupPhase" ];
 
diff --git a/pkgs/applications/networking/browsers/firefox-bin/update.nix b/pkgs/applications/networking/browsers/firefox-bin/update.nix
index d6593be8890..9eab876012c 100644
--- a/pkgs/applications/networking/browsers/firefox-bin/update.nix
+++ b/pkgs/applications/networking/browsers/firefox-bin/update.nix
@@ -47,8 +47,8 @@ in writeScript "update-${name}" ''
            grep -e "${if isBeta then "b" else ""}\([[:digit:]]\|[[:digit:]][[:digit:]]\)$" | ${if isBeta then "" else "grep -v \"b\" |"} \
            tail -1`
 
-  curl --silent -o $HOME/shasums "$url$version/SHA512SUMS"
-  curl --silent -o $HOME/shasums.asc "$url$version/SHA512SUMS.asc"
+  curl --silent -o $HOME/shasums "$url$version/SHA256SUMS"
+  curl --silent -o $HOME/shasums.asc "$url$version/SHA256SUMS.asc"
   gpgv --keyring=$GNUPGHOME/pubring.kbx $HOME/shasums.asc $HOME/shasums
 
   # this is a list of sha512 and tarballs for both arches
@@ -74,7 +74,7 @@ in writeScript "update-${name}" ''
       { url = "$url$version/`echo $line | cut -d":" -f3`";
         locale = "`echo $line | cut -d":" -f3 | sed "s/$arch\///" | sed "s/\/.*//"`";
         arch = "$arch";
-        sha512 = "`echo $line | cut -d":" -f1`";
+        sha256 = "`echo $line | cut -d":" -f1`";
       }
   EOF
     done