[Buildroot] [PATCH v3] ca-certificates: new package
Yann E. MORIN
yann.morin.1998 at free.fr
Sun Jan 12 21:01:12 UTC 2014
Peter, All,
On 2014-01-12 21:32 +0100, Peter Korsgaard spake thusly:
> >>>>> "Yann" == Yann E MORIN <yann.morin.1998 at free.fr> writes:
> > An third alternative is to add a package/pkg/pkg.hash file, which
> > contains the list of files, and their hashes; in fact, the output of the
> > hash util we'd use:
> > ABCDEF1234567890 foo-1.2.3.patch
> > ABCDEF1234567890 bla.patch
> > ABCDEF1234567890 file.bin
>
> That sounds good to me, and is easy to handle. Another alternative would
> be to make <pkg>_CHECKSUM a list of hashes, in the same order as the
> files are handled (_SOURCE, _EXTRA_DOWNLOADS, _PATCH).
And how do you suggest we correlate the hash from that list to the file
we're actually just downloaded?
The tarball is in one variable, the patches in a second, and the extra
files in a third.
We'd have to look in each of those variables to find the file, and
derive an offset in the list form that, and then extract the n-th
element of that list.
I guess this is not so easy as you think it is. ;-)
> > Also, we'd have to settle for a hash function.
[--SNIP--]
> Next to their strength is also the issue about how likely it is that
> those tools are available on the build host.
Right, those pesky companies using "Enterprise Editions" and then stuck
back in the 20th century... ;-]
sha1 shall it be, then. ;-)
(Note: sha2 was added to coreutils seven years ago, 2005-10-23)
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
More information about the buildroot
mailing list