[Buildroot] [PATCH 1/1] documentation: hash source control archives

Thomas Petazzoni thomas.petazzoni at free-electrons.com
Mon Nov 28 20:43:17 UTC 2016


Hello,

On Mon, 28 Nov 2016 09:42:22 -0500, Ash Charles wrote:

> -The +none+ hash type is reserved to those archives downloaded from a
> -repository, like a 'git clone', a 'subversion checkout'...
> +For archives downloaded from a repository e.g. from a 'git clone', a 'subversion checkout', using a locally-calculated sha256 hash is recommended although the +none+ type has also been used.
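
Review bot: on the added line, "although the +none+ type has also been used" replaces the removed rule that +none+ is reserved for repository downloads, but does not say when +none+ is still acceptable, so a package author cannot tell from this sentence whether a hash is required. Suggest stating the condition explicitly (which download methods should carry a sha256 hash and which may keep +none+), setting off "e.g." with commas, and wrapping the sentence the way the two lines it replaces were wrapped.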

The line needs to be wrapped to 72 characters.

Also, I am not sure that the archives we produce from all version
control systems are reproducible. I'm sure it's the case for Git, but
I'm not sure for Subversion, so it might be that your statement is
actually wrong.

In addition, I think the last part "although the +none+ type has also
been used" is a bit confusing.

I think we should rather:

 1. Look again closely at which version control systems currently
    produce reproducible archives in Buildroot.

 2. Make Buildroot actually check the hashes for the downloads made
    through those version control systems.

 3. Update the documentation accordingly, with a clear statement of
    which packages should have hashes, which packages should not.

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com

