PHolt.1
Senior
July 13, 2024
Question

Does ST publish hashes for Cube IDE install packages?

  • 3 replies
  • 997 views

Does ST publish hashes for its install packages, enabling one to check whether an archived (say) Cube IDE 1.14.1 has been corrupted?

The reason for asking is that I am developing a product for a customer and may have to send him a version which is no longer on the ST website, and he is likely to have trust issues with that.

    3 replies

    Tesla DeLorean
    Guru
    July 13, 2024

    Well, the mechanics for the update process do have separate files with signing/hash mechanics. I'm not sure they are presented in a public fashion, or retrospective.

    Personally I'd perhaps like to see ECDSA, and a public key from ST Micro.

    The main page does offer older versions; via "Select Version" I see 1.14.0 for Linux, perhaps that can upgrade / patch itself. And 1.14.0 and 1.14.1 for Windows.

    https://www.st.com/en/development-tools/stm32cubeide.html

    https://www.st.com/content/ccc/resource/technical/software/sw_development_suite/group0/fc/5f/56/08/fc/9b/42/a9/stm32cubeide-win/files/st-stm32cubeide_1.14.1_20064_20240111_1413_x86_64.exe.zip/jcr:content/translations/en.st-stm32cubeide_1.14.1_20064_20240111_1413_x86_64.exe.zip

    @STOne-32 @STTwo-32 package hashes?

    Pavel A.
    Super User
    July 13, 2024

    Full installers (.exe files) for Windows are signed and Windows itself can verify the signature:

    [Image: PavelA_2-1720909964254.png]

    [Image: PavelA_1-1720909766253.png]

    So this is all the user wants or needs.  

    OS/X packages have similar signatures. Linux - not sure.

    PHolt.1 (Author)
    Senior
    July 14, 2024

    Thank you Pavel. I guess that is sufficient.

    Unfortunately the x.x.0 versions are usually not usable - e.g. 1.15.0 breaks the debugger and other stuff, but ST are keeping only these x.x.0 versions on their website, and only for a while. So I would have to archive the one I want to keep, and rely on the signature.
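
Checking an archived installer in the way the thread describes, as an added example that is not part of any post above: it verifies the Authenticode signature of the extracted .exe and records a SHA-256 for your own archive. The script parameters and the expected signer substring are assumptions; take the signer name from a copy you downloaded from st.com yourself.

```powershell
# Added example: verify an archived, extracted CubeIDE installer .exe on Windows.
param(
    [Parameter(Mandatory)] [string] $InstallerPath,
    # Assumption: substring expected in the signer certificate subject.
    # Replace with the value shown by a known-good copy.
    [string] $ExpectedSigner = 'STMicroelectronics',
    # Optional: SHA-256 you recorded when the file was first archived.
    [string] $RecordedSha256
)

$sig  = Get-AuthenticodeSignature -LiteralPath $InstallerPath
$hash = (Get-FileHash -LiteralPath $InstallerPath -Algorithm SHA256).Hash

$problems = @()
if ($sig.Status -ne 'Valid') {
    # Covers NotSigned, HashMismatch (file altered after signing), NotTrusted, ...
    $problems += "signature status is $($sig.Status): $($sig.StatusMessage)"
}
if ($sig.SignerCertificate -and
    $sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
    # A valid signature from someone else is not what the customer should trust.
    $problems += "unexpected signer: $($sig.SignerCertificate.Subject)"
}
if (-not $sig.TimeStamperCertificate) {
    # Without a timestamp the signature stops validating once the
    # signing certificate expires, which matters for a long-lived archive.
    $problems += 'signature carries no timestamp'
}
if ($RecordedSha256 -and $hash -ne $RecordedSha256) {
    # String comparison is case-insensitive, so hex case does not matter.
    $problems += 'SHA-256 differs from the recorded value'
}

[pscustomobject]@{
    File       = $sig.Path
    Status     = $sig.Status
    Signer     = $sig.SignerCertificate.Subject
    Thumbprint = $sig.SignerCertificate.Thumbprint
    Sha256     = $hash
    Problems   = $problems -join '; '
} | Format-List

if ($problems.Count) { exit 1 }
```

The download linked in the thread is a .exe.zip, so the signature check applies to the .exe inside it; a SHA-256 of the zip recorded at download time only detects later corruption of your own copy.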