[Buildroot] [PATCH] package/qt5: bump latest version to 5.9.1

Thomas Petazzoni thomas.petazzoni at free-electrons.com
Thu Jul 13 07:50:03 UTC 2017


Hello,

On Wed, 12 Jul 2017 17:51:38 -0700, Joshua Henderson wrote:

> I tested adding hashes for all license files for 5.9.1. It turns out, this breaks the 5.6.2
> legal-info because there are files in common between the two versions, but with different hashes.
> 
>     $ make legal-info
> 
>     ...
> 
>     >>> qt5base 5.6.2 Collecting legal info  
>     LICENSE.GPLv3: OK (sha256: 245248009fd0af1725d183248380e476c1283383909358a13686606352bf2a17)
>     ERROR: No hash found for LICENSE.LGPLv21
>     ERROR: No hash found for LGPL_EXCEPTION.txt
>     LICENSE.LGPLv3: OK (sha256: 68afaf3392f8c04218fbf29db43cc0b18bf651c1db086556aa584046de9f3e35)
>     LICENSE.FDL: OK (sha256: ed8742a95cb9db653a09b050e27ccff5e67ba69c14aa2c3137f2a4e1892f6c0d)
>     ERROR: header.BSD has wrong sha256 hash:
>     ERROR: expected: 8fdefa0b45d9f791f687da6c2c4c83c1b701aaee2c08008f55d522af214b88f0
>     ERROR: got     : 1d05f2662f0be7544c4cc238d0957d1ed5d0edc45210e9108f905df354241a0e
>     ERROR: Incomplete download, or man-in-the-middle (MITM) attack
>     package/qt5/qt5base/qt5base.mk:315: recipe for target 'qt5base-legal-info' failed
>     make[1]: *** [qt5base-legal-info] Error 1
>     Makefile:79: recipe for target '_all' failed
>     make: *** [_all] Error 2
> 
> In the case you have different license file contents, but with the same name, between different
> versions of a package, how should this be handled?

This is a *very* good question, and I don't think our current support
for license file hashes handles this situation properly.

I'm adding Yann and Peter in Cc.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com



More information about the buildroot mailing list