[Buildroot] [PATCH] package/qt5: bump latest version to 5.9.1
Yann E. MORIN
yann.morin.1998 at free.fr
Thu Jul 13 15:32:20 UTC 2017
Thomas, Joshua, All,
On 2017-07-13 09:50 +0200, Thomas Petazzoni spake thusly:
> On Wed, 12 Jul 2017 17:51:38 -0700, Joshua Henderson wrote:
>
> > I tested adding hashes for all license files for 5.9.1. It turns out, this breaks the 5.6.2
> > legal-info because there are files in common between the two versions, but with different hashes.
> >
> > $ make legal-info
> >
> > ...
> >
> > >>> qt5base 5.6.2 Collecting legal info
> > LICENSE.GPLv3: OK (sha256: 245248009fd0af1725d183248380e476c1283383909358a13686606352bf2a17)
> > ERROR: No hash found for LICENSE.LGPLv21
> > ERROR: No hash found for LGPL_EXCEPTION.txt
> > LICENSE.LGPLv3: OK (sha256: 68afaf3392f8c04218fbf29db43cc0b18bf651c1db086556aa584046de9f3e35)
> > LICENSE.FDL: OK (sha256: ed8742a95cb9db653a09b050e27ccff5e67ba69c14aa2c3137f2a4e1892f6c0d)
> > ERROR: header.BSD has wrong sha256 hash:
> > ERROR: expected: 8fdefa0b45d9f791f687da6c2c4c83c1b701aaee2c08008f55d522af214b88f0
> > ERROR: got : 1d05f2662f0be7544c4cc238d0957d1ed5d0edc45210e9108f905df354241a0e
> > ERROR: Incomplete download, or man-in-the-middle (MITM) attack
> > package/qt5/qt5base/qt5base.mk:315: recipe for target 'qt5base-legal-info' failed
> > make[1]: *** [qt5base-legal-info] Error 1
> > Makefile:79: recipe for target '_all' failed
> > make: *** [_all] Error 2
> >
> > In the case you have different license file contents, but with the same name, between different
> > versions of a package, how should this be handled?
>
> This is a *very* good question,
Indeed, this is a *very* good question.
> and I don't think our current support
> for license file hashes handles this situation properly.
Indeed our current infra does not support this... Dang... :-(
I'll see what I can do with this...
Until then, don't add hashes for Qt license files... :-/
A first idea would be to look for a hash file in the ${VERSION}
subdirectory, where we are currently only looking for patches. This
should be safe, as we currently only use *.patch from there.
But I'm not too happy with this... :-/
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
More information about the buildroot
mailing list