From: Jo-Philipp Wich <j...@mein.io>
When calling a download target, hash verification is now completely
skipped if we set PKG_HASH=none.
This allows to easily bump package version:
$ make package/<mypackage>/download PKG_HASH=none V=s
$ make package/<mypackage>/check FIXUP=1 V=s
This will download the new version of the package, and then automatically
update PKG_HASH with the hash of the new version. Of course, it is still
the responsibility of the packager to ensure that the new tarball is
legitimate, because it is downloaded from a possibly untrusted source.
Fixes: b30ba14e ("scripts/download.pl: fail loudly if provided hash is
unsupported")
Signed-off-by: Baptiste Jonglez <g...@bitsofnetworks.org>
Signed-off-by: Jo-Philipp Wich <j...@mein.io>
Acked-by: Stijn Tintel <st...@linux-ipv6.be>
Signed-off-by: John Crispin <j...@phrozen.org>
---
scripts/download.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/download.pl b/scripts/download.pl
index 775408934a..ad9c480c67 100755
--- a/scripts/download.pl
+++ b/scripts/download.pl
@@ -88,7 +88,7 @@ sub download_cmd($) {
}
my $hash_cmd = hash_cmd();
-$hash_cmd or die "Cannot find appropriate hash command, ensure the provided
hash is either a MD5 or SHA256 checksum.\n";
+$hash_cmd or ($file_hash eq "none") or die "Cannot find appropriate hash
command, ensure the provided hash is either a MD5 or SHA256 checksum.\n";
sub download
{
--
2.11.0
_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
