[Buildroot] [git commit branch/2023.02.x] Config.in: rework BR2_DOWNLOAD_FORCE_CHECK_HASHES

[Peter Korsgaard]

commit: https://git.buildroot.net/buildroot/commit/?id=095c5f78e4f02e4b674c2898193dcb78dee5c5d2
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2023.02.x

BR2_DOWNLOAD_FORCE_CHECK_HASHES currently has the following
dependency:

	depends on BR2_GLOBAL_PATCH_DIR != ""

However, strictly speaking checking all hashes does not necessarily
require using BR2_GLOBAL_PATCH_DIR, as long as you don't use custom
versions.

But more importantly:

- Having this dependency means that this options is hidden when people
  don't use BR2_GLOBAL_PATCH_DIR. Instead the option should always be
  made visible, encouraging people to turn it on.

- The Config.in comment was there to mitigate this previous argument,
  but this comment then shows up all the time when you have an empty
  global patch dir.

This seems over-complicated, and it sounds much easier to have the
option unconditionally available, and visible, and clarify in its help
text that in order to this to work fully with custom package versions,
BR2_GLOBAL_PATCH_DIR can be used to provide extra hash files.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
[yann.morin.1998 at free.fr:
  - fix typo noticed by Peter K.
  - reword kast sentence after review by Peter K.
]
Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
(cherry picked from commit 5b0c02a77ac13489a625db7b60a204a64cfc37cb)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 Config.in | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/Config.in b/Config.in
index a6cbdbc00f..c814416d9a 100644
--- a/Config.in
+++ b/Config.in
@@ -701,20 +701,18 @@ config BR2_FORCE_HOST_BUILD
 
 config BR2_DOWNLOAD_FORCE_CHECK_HASHES
 	bool "Force all downloads to have a valid hash"
-	depends on BR2_GLOBAL_PATCH_DIR != ""
 	help
-	  For packages where a custom version or location can be set,
-	  Buildroot does not carry a hash for those custom versions or
-	  locations, so the integrity of such downloads is not verified.
-
 	  Say 'y' here to enforce downloads to have at least one valid
 	  hash (and of course, that all hashes be valid).
 
-	  Those hashes are looked in files in BR2_GLOBAL_PATCH_DIR,
-	  see above.
+	  By default, Buildroot checks hashes of all packages
+	  downloaded, except those for which a custom version is
+	  used.
 
-comment "Forcing all downloads to have a valid hash needs a global patch and hash directory"
-	depends on BR2_GLOBAL_PATCH_DIR = ""
+	  With this option turned on, Buildroot will check hashes of
+	  all packages, including those that use a custom version. In
+	  order to provide hashes for such packages, place additional
+	  hash files in BR2_GLOBAL_PATCH_DIR directories.
 
 config BR2_REPRODUCIBLE
 	bool "Make the build reproducible (experimental)"