[Buildroot] [PATCH v3] ca-certificates: new package

Peter Korsgaard jacmet at uclibc.org
Sun Jan 12 19:19:08 UTC 2014


>>>>> "Yann" == Yann E MORIN <yann.morin.1998 at free.fr> writes:

Hi,

 >> > I guess there's no point in adding such a check for git, svn and all
 >> > other VCSes. Only 'static' content would be eligible for being checked.
 >> 
 >> Why not? I know git gives you strong integrity guarantees (if you use
 >> the sha1 at least), but e.g. svn doesn't.

 > Because we can't guarantee the reproducibility of an archive generated
 > by git archive, since at least the file's date may change, end up in the
 > tarball, and thus generate a different hash, even if the 'content' of
 > the archive is the same. Also, a different git version may re-order the
 > files, or whatever.

Ahh, yes.

 > For a VCS, maybe the list of files and their respective contents are OK,
 > but we can't say anything about the generated archive.

True. If we implement it like _LICENSE, we can probably just not add
those tags for packages using git/hg/svn/..

-- 
Bye, Peter Korsgaard
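
Added example, not part of the original message or of Buildroot's code: a Python sketch of the point discussed above, that a hash over a generated archive changes with file dates and member order while a hash over the list of files and their contents does not. The sample tree, timestamps and function names are constructed for illustration.

```python
import hashlib
import io
import tarfile

# Constructed sample tree: path -> file contents (not from any real package).
TREE = {
    "pkg/Makefile": b"all:\n\t@echo build\n",
    "pkg/src/main.c": b"int main(void) { return 0; }\n",
}


def make_tarball(tree, mtime, order):
    """Build an uncompressed tar in memory with a given mtime and member order."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for path in order:
            info = tarfile.TarInfo(name=path)
            info.size = len(tree[path])
            info.mtime = mtime
            tar.addfile(info, io.BytesIO(tree[path]))
    return buf.getvalue()


def archive_hash(blob):
    """SHA-256 over the raw archive bytes, metadata included."""
    return hashlib.sha256(blob).hexdigest()


def content_hash(blob):
    """Hash sorted (path, sha256(contents)) pairs; ignores mtime and ordering."""
    entries = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r") as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                entries.append((member.name, hashlib.sha256(data).hexdigest()))
    manifest = "".join(f"{digest}  {name}\n" for name, digest in sorted(entries))
    return hashlib.sha256(manifest.encode()).hexdigest()


def compare():
    """Same tree archived twice (constructed mtimes, reversed order), plus a modified copy."""
    paths = sorted(TREE)
    a = make_tarball(TREE, mtime=1389553148, order=paths)
    b = make_tarball(TREE, mtime=1389553149, order=paths[::-1])
    tampered = dict(TREE, **{"pkg/src/main.c": b"int main(void) { return 1; }\n"})
    c = make_tarball(tampered, mtime=1389553148, order=paths)
    return {
        "archive_equal": archive_hash(a) == archive_hash(b),
        "content_equal": content_hash(a) == content_hash(b),
        "tamper_detected": content_hash(a) != content_hash(c),
    }
```
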


