[oe] [PATCH][meta-oe] libp11: update to 0.4.10

[Martin Jansa]

On Tue, May 28, 2019 at 09:09:45PM +0300, Adrian Bunk wrote:
> On Tue, May 28, 2019 at 06:52:00PM +0200, Oleksandr Kravchuk wrote:
> > Signed-off-by: Oleksandr Kravchuk <open.source at oleksandr-kravchuk.com>
> > ---
> >  .../libp11/{libp11_0.4.7.bb => libp11_0.4.10.bb}                | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >  rename meta-oe/recipes-support/libp11/{libp11_0.4.7.bb => libp11_0.4.10.bb} (92%)
> > 
> > diff --git a/meta-oe/recipes-support/libp11/libp11_0.4.7.bb b/meta-oe/recipes-support/libp11/libp11_0.4.10.bb
> > similarity index 92%
> > rename from meta-oe/recipes-support/libp11/libp11_0.4.7.bb
> > rename to meta-oe/recipes-support/libp11/libp11_0.4.10.bb
> > index 87d99c1a6..2911e37c7 100644
> > --- a/meta-oe/recipes-support/libp11/libp11_0.4.7.bb
> > +++ b/meta-oe/recipes-support/libp11/libp11_0.4.10.bb
> > @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=fad9b3332be894bab9bc501572864b29"
> >  DEPENDS = "libtool openssl"
> >  
> >  SRC_URI = "git://github.com/OpenSC/libp11.git"
> > -SRCREV = "64569a391897bd29c5060b19fa4613e619e59277"
> > +SRCREV = "libp11-0.4.10"
> >...
> 
> This is not a good idea - upstream might move the label,
> and a man-in-the-middle attack on someone building this
> recipe might also be possible.

Not only that, but bitbake fetcher will convert the tag name to the hash
every single time the recipe is being parsed which is not only annoying,
but also breaks parsing for people who don't even use this recipe when
they loose network connection during build (or build intentionally
without one).

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: Digital signature
URL: <http://lists.openembedded.org/pipermail/openembedded-devel/attachments/20190528/bd0ae1e2/attachment.sig>