[LEDE-DEV] [PATCH] download: skip hash check without a download hash
Paul Oranje
por at oranjevos.nl
Sun May 6 10:17:48 PDT 2018
> Op 30 apr. 2018, om 08:39 heeft John Crispin <john at phrozen.org> het volgende geschreven:
>
> On 30/03/18 17:34, Hauke Mehrtens wrote:
>> If the package doe not contain a PKG_HASH just skip the check instead of
>> making the download fail. The scripts/download.pl script will
>> automatically skip the hash check in case the hash value equals skip,
>> otherwise it fails.
>>
>> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
>> ---
>> include/download.mk | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/include/download.mk b/include/download.mk
>> index 2ba8a7bdf4..b14ce2a39a 100644
>> --- a/include/download.mk
>> +++ b/include/download.mk
>> @@ -239,11 +239,11 @@ define Download/Defaults
>> URL_FILE:=
>> PROTO:=
>> HASH=$$(MD5SUM)
>> - MD5SUM:=x
>> + MD5SUM:=skip
>> SUBDIR:=
>> MIRROR:=1
>> MIRROR_HASH=$$(MIRROR_MD5SUM)
>> - MIRROR_MD5SUM:=x
>> + MIRROR_MD5SUM:=skip
>> VERSION:=
>> OPTS:=
>> endef
>
> Hi,
> I am against merging this patch. b30ba14e2a858cfebcfdbc38348ab96a6d179556 fixed an error where we had a copy/paste mess up of a hash causing a none valid length. we would think that there is hash that gets checked but it would never be validated. Adding your patch would introduce a similar case where a typo in the variable name would make us believe that a hash is present but in reality there it none. I'd prefer that the Makefile would have the skip inside it and that the buildsystem would then skip the validation.
>
> John
>
>
> _______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev
Sometime last year there has been some discussion about skipping hash validations in development workflows and IIRC that it could (likewise) be controlled with setting a HASH to skip and that once a change would be ready for submission a true hash value would be set.
In the context of a development workflow the effect of a hash validation being skipped is limited to the environment of the developer, but after submission that would be different (and dangerous; I presume that a merge of a patch without a proper hash value should never occur).
Please correct me if I'am wrong, regards,
Paul
More information about the Lede-dev
mailing list