[Buildroot] [PATCH] package/qt5: bump latest version to 5.9.1

Arnout Vandecappelle arnout at mind.be
Thu Jul 13 22:46:50 UTC 2017 


On 13-07-17 17:32, Yann E. MORIN wrote:
> Thomas, Joshua, All,
> 
> On 2017-07-13 09:50 +0200, Thomas Petazzoni spake thusly:
>> On Wed, 12 Jul 2017 17:51:38 -0700, Joshua Henderson wrote:
>>
>>> I tested adding hashes for all license files for 5.9.1. It turns out, this breaks the 5.6.2
>>> legal-info because there are files in common between the two versions, but with different hashes.
>>>
>>>     $ make legal-info
>>>
>>>     ...
>>>
>>>     >>> qt5base 5.6.2 Collecting legal info  
>>>     LICENSE.GPLv3: OK (sha256: 245248009fd0af1725d183248380e476c1283383909358a13686606352bf2a17)
>>>     ERROR: No hash found for LICENSE.LGPLv21
>>>     ERROR: No hash found for LGPL_EXCEPTION.txt
>>>     LICENSE.LGPLv3: OK (sha256: 68afaf3392f8c04218fbf29db43cc0b18bf651c1db086556aa584046de9f3e35)
>>>     LICENSE.FDL: OK (sha256: ed8742a95cb9db653a09b050e27ccff5e67ba69c14aa2c3137f2a4e1892f6c0d)
>>>     ERROR: header.BSD has wrong sha256 hash:
>>>     ERROR: expected: 8fdefa0b45d9f791f687da6c2c4c83c1b701aaee2c08008f55d522af214b88f0
>>>     ERROR: got     : 1d05f2662f0be7544c4cc238d0957d1ed5d0edc45210e9108f905df354241a0e
>>>     ERROR: Incomplete download, or man-in-the-middle (MITM) attack
>>>     package/qt5/qt5base/qt5base.mk:315: recipe for target 'qt5base-legal-info' failed
>>>     make[1]: *** [qt5base-legal-info] Error 1
>>>     Makefile:79: recipe for target '_all' failed
>>>     make: *** [_all] Error 2
>>>
>>> In the case you have different license file contents, but with the same name, between different
>>> versions of a package, how should this be handled?
>>
>> This is a *very* good question,
> 
> Indeed, this is a *very* good question.
> 
>> and I don't think our current support
>> for license file hashes handles this situation properly.
> 
> Indeed our current infra does not support this... Dang... :-(
> I'll see what I can do with this...
> 
> Until then, don't add hashes for Qt license files... :-/
> 
> A first idea would be to look for a hash file in the ${VERSION}
> subdirectory, where we are currently only looking for patches. This
> should be safe, as we currently only use *.patch from there.
> 
> But I'm not too happy with this... :-/

 Or we could look for pkg-$(VERSION).hash and fall back to pkg.hash if that
doesn't exist. But it does complicate the code somewhat.

 Regards,
 Arnout

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF

More information about the buildroot mailing list