Commit 9474cc25 authored by Maxime Hadjinlian's avatar Maxime Hadjinlian Committed by Peter Korsgaard
Browse files

manual: Add notes about GitHub and hashes 



We can't take hashes from GitHub, unless the tarball has been uploaded by
the maintainer, otherwise it is generated and may change over time,
which renders hash files useless.

[Peter: slightly reword]
Signed-off-by: default avatarMaxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: default avatarYann E. MORIN <yann.morin.1998@free.fr>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: default avatarArnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
parent 74ce748d

docs/manual/adding-packages-directory.txt

+7 −0
Original line number Diff line number Diff line
@@ -441,6 +441,13 @@ provide any hash, or only provides an +md5+ hash, then compute at least one 
strong hash yourself (preferably +sha256+, but not +md5+), and mention

this in a comment line above the hashes.



.Note

If +libfoo+ is from GitHub (see xref:github-download-url[] for details), we

can only accept a +.hash+ file if the package is a released (e.g. uploaded

by the maintainer) tarball. Otherwise, the automatically generated tarball

may change over time, and thus its hashes may be different each time it is

downloaded, causing a +.hash+ mismatch for that tarball.



.Note

The number of spaces does not matter, so one can use spaces (or tabs) to

properly align the different fields.