docs/manual: document hashes for license files

[Peter: use sha256 in example]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Yann E. MORIN 2017-06-26 00:03:41 +02:00 committed by Peter Korsgaard
parent 518b797b2b
commit 4bd21d3e95

View File

@ -445,7 +445,7 @@ package. The only reason for not adding a +.hash+ file is when hash
checking is not possible due to how the package is downloaded.
The hashes stored in that file are used to validate the integrity of the
downloaded files.
downloaded files and of the license files.
The format of this file is one line for each file for which to check the
hash, each line being space-separated, with these three fields:
@ -460,7 +460,10 @@ hash, each line being space-separated, with these three fields:
** for +sha256+, 64 hexadecimal characters
** for +sha384+, 96 hexadecimal characters
** for +sha512+, 128 hexadecimal characters
* the name of the file, without any directory component
* the name of the file:
** for a source archive: the basename of the file, without any directory
component,
** for a license file: the path as it appears in +FOO_LICENSE_FILES+.
Lines starting with a +#+ sign are considered comments, and ignored. Empty
lines are ignored.
@ -477,6 +480,10 @@ provide any hash, or only provides an +md5+ hash, then compute at least one
strong hash yourself (preferably +sha256+, but not +md5+), and mention
this in a comment line above the hashes.
.Note
The hashes for license files are used to detect a license change when a
package version is bumped.
.Note
The number of spaces does not matter, so one can use spaces (or tabs) to
properly align the different fields.
@ -503,6 +510,10 @@ sha256 ff52101fb90bbfc3fe9475e425688c660f46216d7e751c4bbdb1dc85cdccacb9 libfoo-f
# No hash for 1234:
none xxx libfoo-1234.tar.gz
# Hash for license files:
sha256 a45a845012742796534f7e91fe623262ccfb99460a2bd04015bd28d66fba95b8 COPYING
sha256 01b1f9f2c8ee648a7a596a1abe8aa4ed7899b1c9e5551bda06da6e422b04aa55 doc/COPYING.LGPL
----
If the +.hash+ file is present, and it contains one or more hashes for a