|author||Yann E. MORIN <firstname.lastname@example.org>||2015-04-01 00:15:02 +0200|
|committer||Thomas Petazzoni <email@example.com>||2015-04-03 14:08:00 +0200|
package infra: do not check hashes when downloading from a repository
When downloading from a repository, we have no way to ensure the reproducibility of the generated archives, so we can't check the hashes. Do not specifiy a hash file in those cases. Signed-off-by: "Yann E. MORIN" <firstname.lastname@example.org> Cc: Thomas Petazzoni <email@example.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <firstname.lastname@example.org> Reviewed-by: Samuel Martin <email@example.com> Signed-off-by: Thomas Petazzoni <firstname.lastname@example.org>
Diffstat (limited to 'docs/manual')
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/manual/adding-packages-directory.txt b/docs/manual/adding-packages-directory.txt
index 1b34b41518..01a1928e28 100644
@@ -471,4 +471,10 @@ environment variable +BR2_ENFORCE_CHECK_HASH+ to a non-empty value, and
there is no hash for a downloaded file, Buildroot considers this an
error, deletes the downloaded file, and aborts.
+Sources that are downloaded from a version control system (git, subversion,
+etc...) can not have a hash, because the version control system and tar
+may not create exactly the same file (dates, files ordering...), so the
+hash could be wrong even for a valid download. Therefore, the hash check
+is entirely skipped for such sources.
If the +.hash+ file is missing, then no check is done at all.