diff --git a/History.md b/History.md
index ebf27d40b29..fbc38e148a1 100644
--- a/History.md
+++ b/History.md
@@ -10,6 +10,11 @@
 `uglify-es` that appears to be (more actively) maintained.
 [Issue #10042](https://github.com/meteor/meteor/issues/10042)
 
+* Sub-resource integrity hashes (sha512) can now be enabled for static CSS
+ and JS assets by calling `WebAppInternals.enableSubresourceIntegrity()`.
+ [PR #9933](https://github.com/meteor/meteor/pull/9933)
+ [PR #10050](https://github.com/meteor/meteor/pull/10050)
+
 ## v1.7.0.3, 2018-06-13
 
 * Fixed [Issue #9991](https://github.com/meteor/meteor/issues/9991),
diff --git a/tools/fs/watch.js b/tools/fs/watch.js
index beaeff45125..35c0952249b 100644
--- a/tools/fs/watch.js
+++ b/tools/fs/watch.js
@@ -261,19 +261,19 @@ export function readFile(absPath) {
 };
 
 export function sha1(...args) {
- return Profile("sha1", function () {
+ return Profile.run("sha1", function () {
 var hash = createHash('sha1');
 args.forEach(arg => hash.update(arg));
 return hash.digest('hex');
- })();
+ });
 }
 
-export function sri(...args) {
- return Profile("sri", function () {
+export function sha512(...args) {
+ return Profile.run("sha512", function () {
 var hash = createHash('sha512');
 args.forEach(arg => hash.update(arg));
 return hash.digest('base64');
- })();
+ });
 }
 
 export function readDirectory({absPath, include, exclude, names}) {
diff --git a/tools/isobuild/bundler.js b/tools/isobuild/bundler.js
index 5d006c31a24..510da31f7db 100644
--- a/tools/isobuild/bundler.js
+++ b/tools/isobuild/bundler.js
@@ -529,8 +529,6 @@ export class NodeModulesDirectory {
 // Allowed options:
 // - sourcePath: path to file on disk that will provide our contents
 // - data: contents of the file as a Buffer
-// - hash: optional, sha1 hash of the file contents, if known
-// - sri: sha512 hash of file contents in base64 encoding
 // - sourceMap: if 'data' is given, can be given instead of
 // sourcePath. a string or a JS Object. Will be stored as Object.
 // - cacheable
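Review bot: `sha512` returns its digest base64-encoded while the neighbouring `sha1` returns hex, and after the rename from `sri` nothing in tools/fs/watch.js explains the difference. A one-line comment above `export function sha512(...args) {` would keep it visible, e.g. `// Base64 (not hex) digest: the encoding used in Subresource Integrity values.` The `sri` export is also removed without an alias. The only caller updated in this diff is `File#sri` in tools/isobuild/bundler.js, so any other `watch.sri` caller (none is visible here) would fail at call time.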
@@ -599,7 +597,6 @@ class File {
 this.assets = null;
 
 this._contents = options.data || null; // contents, if known, as a Buffer
- this._hashOfContents = options.hash || null;
 this._hash = null;
 this._sri = null;
 }
@@ -615,13 +612,9 @@ class File {
 
 hash() {
 if (! this._hash) {
- if (! this._hashOfContents) {
- this._hashOfContents = watch.sha1(this.contents());
- }
-
 this._hash = watch.sha1(
 String(File._salt()),
- this._hashOfContents,
+ this.sri(),
 );
 }
 
@@ -630,10 +623,11 @@ class File {
 
 sri() {
 if (! this._sri) {
- this._sri = watch.sri(this.contents());
+ this._sri = watch.sha512(this.contents());
 }
+
 return this._sri;
- }
+ }
 
 // Omit encoding to get a buffer, or provide something like 'utf8'
 // to get a string
@@ -650,12 +644,10 @@ class File {
 }
 
 setContents(b) {
- if (!(b instanceof Buffer)) {
- throw new Error("Must set contents to a Buffer");
- }
+ assert.ok(Buffer.isBuffer(b), "Must pass Buffer to File#setContents");
 this._contents = b;
- // Un-cache hash.
- this._hashOfContents = this._hash = null;
+ // Bust the hash cache.
+ this._hash = this._sri = null;
 }
 
 size() {
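Review bot: `options.hash` is now dropped silently in the `File` constructor. The assignment `this._hashOfContents = options.hash || null;` is gone and the option's doc line is removed in the `@@ -529` hunk, yet a caller that still passes `hash` gets no error. Always hashing the actual contents is the safer behaviour, since a supplied hash can no longer disagree with the data. A short comment in the option list would make the removal explicit, e.g. `// (a precomputed hash is no longer accepted; hashes are always derived from the contents)`. The constructor starts outside this hunk, so remaining `hash:` callers cannot be checked from here.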
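Review bot: `hash()` in the `@@ -615` hunk is now a sha1 over the salt and the base64 sha512 digest from `this.sri()`, and the hunk leaves that derivation undocumented. I would add a comment above `this._hash = watch.sha1(`: `// Cache-busting hash only: sha1 of the salt and the sha512 digest from sri(). Not an integrity value.` That keeps later readers from using the sha1 output where the SRI digest is meant; per the History.md entry, the sha512 value is the integrity hash. The method's return statement lies outside the hunk.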
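Review bot: The new guard in `setContents` (the `@@ -650` hunk) calls `assert.ok`, but no hunk in this diff adds an `assert` import to tools/isobuild/bundler.js. Please confirm the file already imports it; if it does not, every call to `setContents` would throw a ReferenceError before the Buffer check runs. The failure mode also changes from `Error("Must set contents to a Buffer")` to an AssertionError carrying `"Must pass Buffer to File#setContents"`. It is still an `Error` for `instanceof` checks, but any caller or test matching the old message would need updating.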