mirror of
https://git.yoctoproject.org/poky
synced 2026-04-04 23:02:22 +02:00
25d7b0df2a
The section on wrting a new recipe suggested using a "build-fail" method to get bitbake to return exact checksums for code. It was pointed out that this could be a middle-security risk and that we should not do that but instead get the signatures from the upstream website. However, many times those sites don't provide that information. I re-worded the text to note the ideal method (upstream checksums) and then resorted to the "build-fail" method as a "way" to also get them when the upstream location does not have them. (From yocto-docs rev: b06699de2f512b01600bf952a8ee928c2a4c358a) Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>