Commit d344ffe624 (configs/rock5b: add hash for custom uboot)
explicitly noted that the kernel was retrieved from a git-clone, so the
sha1 of the commit was enough to get what we expect.
However, that does not account for the fact that the upstream repository
can disapear or be temporarily unavailable (maliciously or not). In that
case, the kernel archive will be looked up on the backup mirror.
In that case, the download is via wget over https, which protects the
transport, but does not guarantee that the remote server serves the
expected archive.
The hash file was dropped when d344ffe624 was applied; restore it.
Since the defconfig now has hashes for all its downloads, enforce
checking hashes.
Signed-off-by: Kilian Zinnecker <kilian.zinnecker@mail.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9ebbfeff38)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>