From 4bd21d3e95f5de08858c957731c1715f11a6080d Mon Sep 17 00:00:00 2001 From: "Yann E. MORIN" Date: Mon, 26 Jun 2017 00:03:41 +0200 Subject: [PATCH] docs/manual: document hashes for license files [Peter: use sha256 in example] Signed-off-by: "Yann E. MORIN" Cc: Luca Ceresoli Cc: Peter Korsgaard Cc: Rahul Bedarkar Cc: Thomas De Schampheleire Signed-off-by: Peter Korsgaard --- docs/manual/adding-packages-directory.txt | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/docs/manual/adding-packages-directory.txt b/docs/manual/adding-packages-directory.txt index 00b2033904..804946c504 100644 --- a/docs/manual/adding-packages-directory.txt +++ b/docs/manual/adding-packages-directory.txt @@ -445,7 +445,7 @@ package. The only reason for not adding a +.hash+ file is when hash checking is not possible due to how the package is downloaded. The hashes stored in that file are used to validate the integrity of the -downloaded files. +downloaded files and of the license files. The format of this file is one line for each file for which to check the hash, each line being space-separated, with these three fields: @@ -460,7 +460,10 @@ hash, each line being space-separated, with these three fields: ** for +sha256+, 64 hexadecimal characters ** for +sha384+, 96 hexadecimal characters ** for +sha512+, 128 hexadecimal characters -* the name of the file, without any directory component +* the name of the file: +** for a source archive: the basename of the file, without any directory + component, +** for a license file: the path as it appears in +FOO_LICENSE_FILES+. Lines starting with a +#+ sign are considered comments, and ignored. Empty lines are ignored. 
@@ -477,6 +480,10 @@ provide any hash, or only provides an +md5+ hash, then compute at least one strong hash yourself (preferably +sha256+, but not +md5+), and mention this in a comment line above the hashes. +.Note +The hashes for license files are used to detect a license change when a +package version is bumped. + .Note The number of spaces does not matter, so one can use spaces (or tabs) to properly align the different fields. @@ -503,6 +510,10 @@ sha256 ff52101fb90bbfc3fe9475e425688c660f46216d7e751c4bbdb1dc85cdccacb9 libfoo-f # No hash for 1234: none xxx libfoo-1234.tar.gz + +# Hash for license files: +sha256 a45a845012742796534f7e91fe623262ccfb99460a2bd04015bd28d66fba95b8 COPYING +sha256 01b1f9f2c8ee648a7a596a1abe8aa4ed7899b1c9e5551bda06da6e422b04aa55 doc/COPYING.LGPL ---- If the +.hash+ file is present, and it contains one or more hashes for a -- 2.30.2
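Review bot: In the first hunk (@@ -445,7 +445,7), the unchanged sentence just above the edit still says the only reason for omitting a +.hash+ file is that the download method makes hash checking impossible. With license files now covered by the same file, that exception no longer obviously holds, because the license files of such a package could still be hashed. Suggest stating whether such packages are expected to carry a +.hash+ file holding only license hashes, or whether the exception stands as written.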
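Review bot: In the second hunk (@@ -460,7 +460,10), the new "for a source archive" bullet is narrower than the "downloaded files" wording the introduction uses, so a downloaded file that is not a source archive falls under neither bullet. The license-file bullet also does not say what the path is relative to; it only points at +FOO_LICENSE_FILES+. Suggest wording the first bullet as "for a downloaded file: the basename of the file, without any directory component" and adding a short phrase to the second that says what the path is relative to.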
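Review bot: In the third hunk (@@ -477,6 +480,10), the new note gives the purpose of license hashes as detecting a license change on a version bump, while the first hunk describes them as validating "the integrity of the downloaded files and of the license files"; the two descriptions should agree. The note also does not say what the developer sees on a mismatch or what to do about it. Suggest one more sentence covering that, since the note presents a mismatch as a signal that the license text changed rather than as a corrupted download.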
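Review bot: In the last hunk (@@ -503,6 +510,10), the comment "# Hash for license files:" introduces two entries and should read "# Hashes for license files:". The example would also be easier to follow if it mentioned the matching +FOO_LICENSE_FILES+ value (COPYING doc/COPYING.LGPL), because the doc/COPYING.LGPL entry is the only place where the "path as it appears in +FOO_LICENSE_FILES+" rule from the format description is illustrated.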