[Buildroot] [PATCH 1/4] package/openjdk: fix hash
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Sat Apr 18 10:01:34 UTC 2020
On Fri, 17 Apr 2020 16:29:19 -0700
aduskett at gmail.com wrote:
> From: Adam Duskett <Aduskett at gmail.com>
>
> The hash should be
> 6815dbac7dd0f86291254e84ed17565c89477eeb6b0847a9648b00ecb4f07634

No, the hash was
6815dbac7dd0f86291254e84ed17565c89477eeb6b0847a9648b00ecb4f07634, and
it is now
fcd13ebd63d40c1c2f3cabfb7bc368962ff7b5935523be2a0e769352987145ae.

But still, why do you fix hashes like that, without investigating at
least a little bit what's going on? How come we committed a wrong hash?
How come there are no build failures related to this incorrect hash?

If you look at
http://autobuild.buildroot.net/results/0a4/0a4608828365df301114b533d6b59a4733599d94/build-end.log,
you will see why:

 - We download from the original upstream location, and indeed the hash
   of the upstream tarball is
   fcd13ebd63d40c1c2f3cabfb7bc368962ff7b5935523be2a0e769352987145ae,
   but we expect
   6815dbac7dd0f86291254e84ed17565c89477eeb6b0847a9648b00ecb4f07634

 - So we fall back to sources.buildroot.net, and here the tarball has
   the expected hash, i.e.
   6815dbac7dd0f86291254e84ed17565c89477eeb6b0847a9648b00ecb4f07634

So this means that:

 (1) Upstream changed the contents of their tarball, which is really
     BAD and we want to understand what are the changes. So you should
     diff the new upstream tarball, and the tarball that we have in
     sources.buildroot.net and investigate the differences.

 (2) We need to notify upstream that this is really bad.

 (3) You can't change the hash just like this, because it would mean
     that the hash would no longer match with the tarball we have
     backed up on sources.buildroot.net.

If we have hashes, it's not to blindly update them. We have hashes
precisely to detect that kind of situation, so if you blindly update
the hashes without doing any investigation, it makes it completely
useless to have hashes.

Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
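
The comparison asked for in point (1), as an added example that is not part of the original message or of Buildroot's tooling: it indexes two tarballs member by member and separates content changes from metadata-only changes, since a re-roll with new timestamps alone also changes the archive hash. The function names and the in-memory sample tarballs are constructed for illustration.

```python
import hashlib
import io
import tarfile


def index_tarball(data):
    """Map each member path to (content digest, metadata) for one tarball."""
    members = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar:
            if m.isfile():
                body = tar.extractfile(m).read()
            else:  # directories, symlinks, devices: compare type and link target
                body = m.type + m.linkname.encode()
            meta = (m.mode, m.mtime, m.uname, m.gname)
            members[m.name] = (hashlib.sha256(body).hexdigest(), meta)
    return members


def compare_tarballs(backup, upstream):
    """Classify how the `upstream` tarball differs from the `backup` copy."""
    old, new = index_tarball(backup), index_tarball(upstream)
    common = sorted(old.keys() & new.keys())
    return {
        "archive_hash_changed": hashlib.sha256(backup).digest() != hashlib.sha256(upstream).digest(),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "content_changed": [p for p in common if old[p][0] != new[p][0]],
        "metadata_only": [p for p in common if old[p][0] == new[p][0] and old[p][1] != new[p][1]],
    }


def make_tarball(files, mtime):
    """Build a constructed sample .tar.gz in memory (not a real release)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mtime = len(body), mtime
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


# Constructed samples: the backed-up tarball, a re-roll with identical file
# contents, and a re-roll where one file changed and one file was added.
BASE = {"pkg/Makefile": b"all:\n", "pkg/src/a.c": b"int a;\n"}
BACKUP = make_tarball(BASE, 1000)
REROLL = make_tarball(BASE, 2000)
CHANGED = make_tarball({**BASE, "pkg/src/a.c": b"int b;\n", "pkg/new.sh": b"#!/bin/sh\n"}, 2000)
```

An empty `added`, `removed` and `content_changed` with a changed archive hash points to a repackaged tarball; anything listed under `content_changed` or `added` is what needs a file-level diff before the hash is touched.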