[LEDE-DEV] [PATCH 2/2] download.mk: introduce a new variable SKIPHASH

Yousong Zhou yszhou4tech at gmail.com
Thu Oct 26 18:56:50 PDT 2017

On 26 October 2017 at 17:50, Baptiste Jonglez <git at bitsofnetworks.org> wrote:
> When calling a download target, hash verification is now completely
> skipped if the SKIPHASH variable is set.
> This allows to easily bump package version:
>     # Update PKG_VERSION in the package Makefile
>     $ make package/<mypackage>/download SKIPHASH=1 V=s
>     $ make package/<mypackage>/check FIXUP=1 V=s
> This will download the new version of the package, and then automatically
> update PKG_HASH with the hash of the new version.  Of course, it is still
> the responsibility of the packager to ensure that the new tarball is
> legitimate, because it is downloaded from a possibly untrusted source.

Introducing another knob to the build system seems cubersome.  I
remembered that hash checking would be skipped if PKG_MD5SUM var was
empty and the behaviour is very likely the same with PKG_HASH.  The
workflow can be simply emptying PKG_HASH var while bumping the
versions, then do the download and hash fixup on the second command.
This should eliminate the need for SKIPHASH var.


More information about the Lede-dev mailing list