Since qt5base was last bumped in 8ab4a0a348 (package/qt5: bump packages
to latest kde submodule versions), the hash for the downloaded tarball
has changed:
$ make qt5base-source
[...]
ERROR: expected: 935d01f5c34903ad9e979431cec7a8a59332ed3fc539e639f5ba87e8d6989b9d
ERROR: got : 3067c4d84ba9927bfe65bf606c17af082199e0a3b22781fbf9bc6c6bc3de26dd
We know the hash was good back when 8ab4a0a348 was applied, because
the tarball has been cached on sources.buildroot.org with the expected
hash:
$ curl 'https://sources.buildroot.net/qt5base/qtbase-da6e958319e95fe564d3b30c931492dd666bfaff.tar.bz2' 2>/dev/null |sha256sum -
935d01f5c34903ad9e979431cec7a8a59332ed3fc539e639f5ba87e8d6989b9d -
But now, the archive generated by the KDE gorge (Gitlab underneath) has
another hash (as seen above). This means that the KDE forge (Gitlab) has
changed the way it generates archives. So, what's the delta? It turns
out that the only changes are about CRLF that were present in the
original archive, and are no longer in the new one. It is to be noted
that the affected files do not have CRLFS in the repository. It further
turns out that the archive was previously generated with .gitattibutes
of the main branch ('dev' in Qt repositories), while now they are
generated with the .gitattibutes of the commit for which they are
generated.
Switch to using the git download method for really reproducible
archives...
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Sebastian Weyer <sebastian.weyer@smile.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>