[Buildroot] [PATCH] package/qt5: bump latest version to 5.9.1
Arnout Vandecappelle
arnout at mind.be
Thu Jul 13 22:46:50 UTC 2017
On 13-07-17 17:32, Yann E. MORIN wrote:
> Thomas, Joshua, All,
>
> On 2017-07-13 09:50 +0200, Thomas Petazzoni spake thusly:
>> On Wed, 12 Jul 2017 17:51:38 -0700, Joshua Henderson wrote:
>>
>>> I tested adding hashes for all license files for 5.9.1. It turns out, this breaks the 5.6.2
>>> legal-info because there are files in common between the two versions, but with different hashes.
>>>
>>> $ make legal-info
>>>
>>> ...
>>>
>>> >>> qt5base 5.6.2 Collecting legal info
>>> LICENSE.GPLv3: OK (sha256: 245248009fd0af1725d183248380e476c1283383909358a13686606352bf2a17)
>>> ERROR: No hash found for LICENSE.LGPLv21
>>> ERROR: No hash found for LGPL_EXCEPTION.txt
>>> LICENSE.LGPLv3: OK (sha256: 68afaf3392f8c04218fbf29db43cc0b18bf651c1db086556aa584046de9f3e35)
>>> LICENSE.FDL: OK (sha256: ed8742a95cb9db653a09b050e27ccff5e67ba69c14aa2c3137f2a4e1892f6c0d)
>>> ERROR: header.BSD has wrong sha256 hash:
>>> ERROR: expected: 8fdefa0b45d9f791f687da6c2c4c83c1b701aaee2c08008f55d522af214b88f0
>>> ERROR: got : 1d05f2662f0be7544c4cc238d0957d1ed5d0edc45210e9108f905df354241a0e
>>> ERROR: Incomplete download, or man-in-the-middle (MITM) attack
>>> package/qt5/qt5base/qt5base.mk:315: recipe for target 'qt5base-legal-info' failed
>>> make[1]: *** [qt5base-legal-info] Error 1
>>> Makefile:79: recipe for target '_all' failed
>>> make: *** [_all] Error 2
>>>
>>> In the case you have different license file contents, but with the same name, between different
>>> versions of a package, how should this be handled?
>>
>> This is a *very* good question,
>
> Indeed, this is a *very* good question.
>
>> and I don't think our current support
>> for license file hashes handles this situation properly.
>
> Indeed our current infra does not support this... Dang... :-(
> I'll see what I can do with this...
>
> Until then, don't add hashes for Qt license files... :-/
>
> A first idea would be to look for a hash file in the ${VERSION}
> subdirectory, where we are currently only looking for patches. This
> should be safe, as we currently only use *.patch from there.
>
> But I'm not too happy with this... :-/
Or we could look for pkg-$(VERSION).hash and fall back to pkg.hash if that
doesn't exist. But it does complicate the code somewhat.
Regards,
Arnout
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
More information about the buildroot
mailing list