[PATCH] dev-manual: Discourage the use of SRC

public inbox for docs@lists.yoctoproject.org
 help / color / mirror / Atom feed

* [PATCH] dev-manual: Discourage the use of SRC_URI[md5sum]
@ 2023-12-06 18:40 Peter Kjellerstedt
  2023-12-07 18:49 ` [docs] " Michael Opdenacker
  0 siblings, 1 reply; 2+ messages in thread
From: Peter Kjellerstedt @ 2023-12-06 18:40 UTC (permalink / raw)
  To: docs

SRC_URI[md5sum] has been deprecated for a long time. Discourage its use
by removing it from examples and note that it should be replaced by
SRC_URI[sha256sum] when updating recipes.

Also mention that bitbake supports other checksums, though they are not
commonly used.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
---
 documentation/dev-manual/debugging.rst  |  2 +-
 documentation/dev-manual/new-recipe.rst | 27 +++++++++++++++----------
 2 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/documentation/dev-manual/debugging.rst b/documentation/dev-manual/debugging.rst
index fea2cb30a1..bd1e716b0b 100644
--- a/documentation/dev-manual/debugging.rst
+++ b/documentation/dev-manual/debugging.rst
@@ -327,7 +327,7 @@ BitBake has determined by doing the following:
    the task. This list also includes indirect dependencies from
    variables depending on other variables, recursively::
 
-      Task dependencies: ['PV', 'SRCREV', 'SRC_URI', 'SRC_URI[md5sum]', 'SRC_URI[sha256sum]', 'base_do_fetch']
+      Task dependencies: ['PV', 'SRCREV', 'SRC_URI', 'SRC_URI[sha256sum]', 'base_do_fetch']
 
    .. note::
 
diff --git a/documentation/dev-manual/new-recipe.rst b/documentation/dev-manual/new-recipe.rst
index e741cef0e8..2c1033eb35 100644
--- a/documentation/dev-manual/new-recipe.rst
+++ b/documentation/dev-manual/new-recipe.rst
@@ -303,28 +303,33 @@ If your :term:`SRC_URI` statement includes URLs pointing to individual files
 fetched from a remote server other than a version control system,
 BitBake attempts to verify the files against checksums defined in your
 recipe to ensure they have not been tampered with or otherwise modified
-since the recipe was written. Two checksums are used:
-``SRC_URI[md5sum]`` and ``SRC_URI[sha256sum]``.
+since the recipe was written. Multiple checksums are supported:
+``SRC_URI[md5sum]``, ``SRC_URI[sha1sum]``, ``SRC_URI[sha256sum]``.
+``SRC_URI[sha384sum]`` and ``SRC_URI[sha512sum]``, but only
+``SRC_URI[sha256sum]`` is commonly used.
+
+.. note::
+
+   ``SRC_URI[md5sum]`` used to also be commonly used, but it is deprecated
+   and should be replaced by ``SRC_URI[sha256sum]`` when updating existing
+   recipes.
 
 If your :term:`SRC_URI` variable points to more than a single URL (excluding
-SCM URLs), you need to provide the ``md5`` and ``sha256`` checksums for
-each URL. For these cases, you provide a name for each URL as part of
-the :term:`SRC_URI` and then reference that name in the subsequent checksum
-statements. Here is an example combining lines from the files
-``git.inc`` and ``git_2.24.1.bb``::
+SCM URLs), you need to provide the ``sha256`` checksum for each URL. For these
+cases, you provide a name for each URL as part of the :term:`SRC_URI` and then
+reference that name in the subsequent checksum statements. Here is an example
+combining lines from the files ``git.inc`` and ``git_2.24.1.bb``::
 
    SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
               ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages"
 
-   SRC_URI[tarball.md5sum] = "166bde96adbbc11c8843d4f8f4f9811b"
    SRC_URI[tarball.sha256sum] = "ad5334956301c86841eb1e5b1bb20884a6bad89a10a6762c958220c7cf64da02"
-   SRC_URI[manpages.md5sum] = "31c2272a8979022497ba3d4202df145d"
    SRC_URI[manpages.sha256sum] = "9a7ae3a093bea39770eb96ca3e5b40bff7af0b9f6123f089d7821d0e5b8e1230"
 
-Proper values for ``md5`` and ``sha256`` checksums might be available
+The proper value for the ``sha256`` checksum might be available together
 with other signatures on the download page for the upstream source (e.g.
 ``md5``, ``sha1``, ``sha256``, ``GPG``, and so forth). Because the
-OpenEmbedded build system only deals with ``sha256sum`` and ``md5sum``,
+OpenEmbedded build system typically only deals with ``sha256sum``,
 you should verify all the signatures you find by hand.
 
 If no :term:`SRC_URI` checksums are specified when you attempt to build the


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [docs] [PATCH] dev-manual: Discourage the use of SRC_URI[md5sum]
  2023-12-06 18:40 [PATCH] dev-manual: Discourage the use of SRC_URI[md5sum] Peter Kjellerstedt
@ 2023-12-07 18:49 ` Michael Opdenacker
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Opdenacker @ 2023-12-07 18:49 UTC (permalink / raw)
  To: Peter Kjellerstedt; +Cc: docs

Hi Peter,

On 06.12.23 at 19:40, Peter Kjellerstedt wrote:
> SRC_URI[md5sum] has been deprecated for a long time. Discourage its use
> by removing it from examples and note that it should be replaced by
> SRC_URI[sha256sum] when updating recipes.
>
> Also mention that bitbake supports other checksums, though they are not
> commonly used.


Thanks for the patch!
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Merged into master-next.
Cheers
Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2023-12-07 18:49 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-12-06 18:40 [PATCH] dev-manual: Discourage the use of SRC_URI[md5sum] Peter Kjellerstedt
2023-12-07 18:49 ` [docs] " Michael Opdenacker

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox