[Buildroot] [PATCH] scanpypi: add support for the new PyPI infrastructure
Arnout Vandecappelle
arnout at mind.be
Mon Apr 23 07:45:35 UTC 2018
On 19-04-18 08:57, Yegor Yefremov wrote:
> Hi Arnout,
>
> On Wed, Apr 18, 2018 at 11:22 PM, Arnout Vandecappelle <arnout at mind.be> wrote:
>>
>>
>> On 18-04-18 11:55, yegorslists at googlemail.com wrote:
>>> From: Yegor Yefremov <yegorslists at googlemail.com>
[snip]
>>> @@ -529,22 +529,23 @@ class BuildrootPackage():
>>> path_to_hash = os.path.join(self.pkg_dir, pkg_hash)
>>> print('Creating {filename}...'.format(filename=path_to_hash))
>>> lines = []
>>> - if self.used_url['md5_digest']:
>>> - md5_comment = '# md5 from {url}, sha256 locally computed\n'.format(
>>> + if self.used_url['digests']['md5'] and self.used_url['digests']['sha256']:
>>
>> If there is a sha256, there is no point adding the md5.
>>
>> If there is no sha256 for whatever reason (can this happen?), we don't get any
>> hash at all...
>>
>> So I think this should be (pseudocode):
>>
>> if self.used_url['digests']['sha256']:
>> hash_header = '# sha256 from ...'
>> ...
>> else if self.used_url['digests']['md5']:
>> hash_header = '# md5 from {url}, sha256 locally computed\n'
>> # original code
>
> You're right. We don't need md5 at all. And I doubt there are any
> packages without sha256 as those checksums will be calculated and put
> into JSON automatically (at least I believe it is so). I've seen
> sha256 checksum for older package version so it seems to be
> consistent.
>
> What do you think?
If usually there is a sha256, just support the sha256. If it is missing then
the md5 can be added manually.
Regards,
Arnout
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
More information about the buildroot
mailing list