On 7/1/2014 12:30 PM, Ron Wilson wrote:
On Tue, Jul 1, 2014 at 2:39 PM, Ross Berteig <r...@cheshireeng.com <mailto:r...@cheshireeng.com>> wrote:BitBake wants *both* MD5 and SHA256 of the tarball that it plans to download. .... I would guess this derives from the (increasingly less) common practice of projects generating and publishing an "official" tarball and its hashes. Curious it would still want MD5 as this has been deprecated for years in favor of SHA256 or SHA512. Is MD5 actually a Yocto requirement?
They want both MD5 and SHA256 of each download to be specified. I'm guessing someone is assuming that using two different hash algorithms is better than one. It feels slightly paranoid to me, but I'm not a crypto expert so I hesitate to call it either paranoid, overkill, or dumb.
The requirement for both appears to be baked in somewhere. Yocto is a blend of the BitBake tool, the metadata about building a kernel and core utilities from the OpenEmbedded project, and a collection of additional layers of metadata describing things you'd like to have in some devices but possibly not others. BitBake is provided as source code (in Python) so there is a somewhat blurry line between configuration files and actual source code. The complete build workspace for my device has at least five Git repositories and one fossil repository providing all of the metadata, and a total of about 1500 individual tarballs and patches those recipes collectively downloaded.
.... If BitBake provides for configuring "generic" command line VCS clients, this should be easy. However, I have noticed an increasing number of open source projects "deprecating" general support for command line clients in favor of "proper" plug-ins. In contrast, many commercial tools continue to support command line clients either along side or instead of plug-ins.
And I suspect that someday libfossil will provide the needed bits for that plugin. Just not today. :-)
-- Ross Berteig r...@cheshireeng.com Cheshire Engineering Corp. http://www.CheshireEng.com/ +1 626 303 1602 +1 626 351 1590 FAX _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
