[LEDE-DEV] [PATCH] download: skip hash check without a download hash

Paul Oranje por at oranjevos.nl
Sun May 6 10:17:48 PDT 2018 


> Op 30 apr. 2018, om 08:39 heeft John Crispin <john at phrozen.org> het volgende geschreven:
> 
> On 30/03/18 17:34, Hauke Mehrtens wrote:
>> If the package doe not contain a PKG_HASH just skip the check instead of
>> making the download fail. The scripts/download.pl script will
>> automatically skip the hash check in case the hash value equals skip,
>> otherwise it fails.
>> 
>> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
>> ---
>>  include/download.mk | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>> 
>> diff --git a/include/download.mk b/include/download.mk
>> index 2ba8a7bdf4..b14ce2a39a 100644
>> --- a/include/download.mk
>> +++ b/include/download.mk
>> @@ -239,11 +239,11 @@ define Download/Defaults
>>    URL_FILE:=
>>    PROTO:=
>>    HASH=$$(MD5SUM)
>> -  MD5SUM:=x
>> +  MD5SUM:=skip
>>    SUBDIR:=
>>    MIRROR:=1
>>    MIRROR_HASH=$$(MIRROR_MD5SUM)
>> -  MIRROR_MD5SUM:=x
>> +  MIRROR_MD5SUM:=skip
>>    VERSION:=
>>    OPTS:=
>>  endef
> 
> Hi,
> I am against merging this patch. b30ba14e2a858cfebcfdbc38348ab96a6d179556 fixed an error where we had a copy/paste mess up of a hash causing a none valid length. we would think that there is hash that gets checked but it would never be validated. Adding your patch would introduce a similar case where a typo in the variable name would make us believe that a hash is present but in reality there it none. I'd prefer that the Makefile would have the skip inside it and that the buildsystem would then skip the validation.
> 
>     John
> 
> 
> _______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev

Sometime last year there has been some discussion about skipping hash validations in development workflows and IIRC that it could (likewise) be controlled with setting a HASH to skip and that once a change would be ready for submission a true hash value would be set.

In the context of a development workflow the effect of a hash validation being skipped is limited to the environment of the developer, but after submission that would be different (and dangerous; I presume that a merge of a patch without a proper hash value should never occur).

Please correct me if I'am wrong, regards,
Paul

More information about the Lede-dev mailing list