| Message ID | 05e1570e0377fc9e913819765ecb8e488b6b6c1a.1451483256.git.alex.suykov@gmail.com |
|---|---|
| State | Rejected |
| Headers | show |
Dear Alex Suykov, On Wed, 30 Dec 2015 16:06:05 +0200, Alex Suykov wrote: > The package uses git to download the sources. > > Signed-off-by: Alex Suykov <alex.suykov@gmail.com> I think it is good to have hash files in this case, even if they simply indicate "there's no hash". This way, we will be able in the future to make hash files mandatory. I *think* this was part of the conclusion we had at the latest Buildroot Developers Meeting, even if the write up at http://elinux.org/Buildroot:DeveloperDaysELCE2015 doesn't make this completely clear. Thanks! Thomas
On 30-12-15 16:00, Thomas Petazzoni wrote: > Dear Alex Suykov, > > On Wed, 30 Dec 2015 16:06:05 +0200, Alex Suykov wrote: >> The package uses git to download the sources. >> >> Signed-off-by: Alex Suykov <alex.suykov@gmail.com> > > I think it is good to have hash files in this case, even if they simply > indicate "there's no hash". This way, we will be able in the future to > make hash files mandatory. > > I *think* this was part of the conclusion we had at the latest > Buildroot Developers Meeting, even if the write up at > http://elinux.org/Buildroot:DeveloperDaysELCE2015 doesn't make this > completely clear. I think we didn't get to a clear conclusion, except about the github hashes. Regards, Arnout
Arnout, On Wed, 30 Dec 2015 22:41:13 +0100, Arnout Vandecappelle wrote: > > I *think* this was part of the conclusion we had at the latest > > Buildroot Developers Meeting, even if the write up at > > http://elinux.org/Buildroot:DeveloperDaysELCE2015 doesn't make this > > completely clear. > > I think we didn't get to a clear conclusion, except about the github hashes. OK, so what do we do ? Thomas
On 30-12-15 22:53, Thomas Petazzoni wrote: > Arnout, > > On Wed, 30 Dec 2015 22:41:13 +0100, Arnout Vandecappelle wrote: > >>> I *think* this was part of the conclusion we had at the latest >>> Buildroot Developers Meeting, even if the write up at >>> http://elinux.org/Buildroot:DeveloperDaysELCE2015 doesn't make this >>> completely clear. >> >> I think we didn't get to a clear conclusion, except about the github hashes. > > OK, so what do we do ? IIRC the main reason why we didn't fully go for the "add hash files for all packages" approach was that we would need to add an empty hash file for about 300 packages. But then we discovered that github could have hash files, but we weren't entirely sure yet if that was really true. So I think now we can safely conclude that a hash file should be added for all packages, even if it just contains 'none' hashes. It is definitely an advantage to be able to distinguish packages that should still get a hash from packages of which we already decided that the hash should be 'none'. Regards, Arnout
Arnout, On Wed, 30 Dec 2015 23:10:49 +0100, Arnout Vandecappelle wrote: > IIRC the main reason why we didn't fully go for the "add hash files for all > packages" approach was that we would need to add an empty hash file for about > 300 packages. But then we discovered that github could have hash files, but we > weren't entirely sure yet if that was really true. > > So I think now we can safely conclude that a hash file should be added for all > packages, even if it just contains 'none' hashes. It is definitely an advantage > to be able to distinguish packages that should still get a hash from packages of Agreed. Thomas
Wed, Dec 30, 2015 at 11:53:23PM +0100, Thomas Petazzoni wrote: > > So I think now we can safely conclude that a hash file should be added for all > > packages, even if it just contains 'none' hashes. It is definitely an advantage > > to be able to distinguish packages that should still get a hash from packages of > > Agreed. Ok, got it. Does it make sense to update the file name in .hash, or is it ok to leave it as is since it's not used anyway? It's (version).tar.gz now but the git checkout gets saved as vboot-utils-(version).tar.gz.
>>>>> "Arnout" == Arnout Vandecappelle <arnout@mind.be> writes: Hi, > So I think now we can safely conclude that a hash file should be > added for all packages, even if it just contains 'none' hashes. It is > definitely an advantage to be able to distinguish packages that > should still get a hash from packages of which we already decided > that the hash should be 'none'. Yes, makes sense to me.
Alex, All, On 2016-01-01 16:52 +0200, Alex Suykov spake thusly: > Wed, Dec 30, 2015 at 11:53:23PM +0100, Thomas Petazzoni wrote: > > > > So I think now we can safely conclude that a hash file should be added for all > > > packages, even if it just contains 'none' hashes. It is definitely an advantage > > > to be able to distinguish packages that should still get a hash from packages of > > > > Agreed. > > Ok, got it. > > Does it make sense to update the file name in .hash, or is it ok to leave it as is > since it's not used anyway? It's (version).tar.gz now but the git checkout gets saved > as vboot-utils-(version).tar.gz. Yes, you should update the file name, so that it matches the name the archive is saved as. Thanks for spotting the problem! :-) Regards, Yann E. MORIN.
diff --git a/package/vboot-utils/vboot-utils.hash b/package/vboot-utils/vboot-utils.hash deleted file mode 100644 index e161423..0000000 --- a/package/vboot-utils/vboot-utils.hash +++ /dev/null @@ -1,2 +0,0 @@ -# Git shapshot -none xxx bbdd62f9b030db7ad8eef789aaf58a7ff9a25656.tar.gz
The package uses git to download the sources. Signed-off-by: Alex Suykov <alex.suykov@gmail.com> --- package/vboot-utils/vboot-utils.hash | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 package/vboot-utils/vboot-utils.hash