[LEDE-DEV] [PATCH 2/2] download.mk: introduce a new variable SKIPHASH
Yousong Zhou
yszhou4tech at gmail.com
Thu Oct 26 18:56:50 PDT 2017
On 26 October 2017 at 17:50, Baptiste Jonglez <git at bitsofnetworks.org> wrote:
> When calling a download target, hash verification is now completely
> skipped if the SKIPHASH variable is set.
>
> This allows to easily bump package version:
>
> # Update PKG_VERSION in the package Makefile
> $ make package/<mypackage>/download SKIPHASH=1 V=s
> $ make package/<mypackage>/check FIXUP=1 V=s
>
> This will download the new version of the package, and then automatically
> update PKG_HASH with the hash of the new version. Of course, it is still
> the responsibility of the packager to ensure that the new tarball is
> legitimate, because it is downloaded from a possibly untrusted source.
Introducing another knob to the build system seems cubersome. I
remembered that hash checking would be skipped if PKG_MD5SUM var was
empty and the behaviour is very likely the same with PKG_HASH. The
workflow can be simply emptying PKG_HASH var while bumping the
versions, then do the download and hash fixup on the second command.
This should eliminate the need for SKIPHASH var.
Regards,
yousong
More information about the Lede-dev
mailing list