On Fri, 20 Jan 2023 at 10:17, Alex Kiernan <[email protected]> wrote:
> But if you list a crate as the primary source, rather than pulling it
> from git, something like this:
>
> LICENSE = "MIT"
> LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=d426d11f66aaa533f62910f3bd79dfb6"
>
> SRC_URI = "crate://crates.io/binary-security-check/1.2.7"
>
> inherit cargo cargo-update-recipe-crates
>
> require binary-security-check-crates.inc
>
> You end up down this code path
> (https://git.openembedded.org/bitbake/tree/lib/bb/fetch2/crate.py#n100)
> and the checksum isn't verified.
>
> So not terrible, but could do with fixing at some point since the
> crate binary starting point is clearly the "tarball" starting point.

Should there be a ticket for checking the primary crate?

Alex
