On Fri, Jan 20, 2023 at 9:48 AM Alexander Kanavin <[email protected]> wrote: > > On Fri, 20 Jan 2023 at 10:17, Alex Kiernan <[email protected]> wrote: > > > But if you list a crate as the primary source, rather than pulling it > > from git, something like this: > > > > LICENSE = "MIT" > > LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=d426d11f66aaa533f62910f3bd79dfb6" > > > > SRC_URI = "crate://crates.io/binary-security-check/1.2.7" > > > > inherit cargo cargo-update-recipe-crates > > > > require binary-security-check-crates.inc > > > > You end up down this code path > > (https://git.openembedded.org/bitbake/tree/lib/bb/fetch2/crate.py#n100) > > and the checksum isn't verified. > > > > So not terrible, but could do with fixing at some point since the > > crate binary starting point is clearly the "tarball" starting point. > > Should there be a ticket for checking the primary crate? >
Yeah, will create one shortly. -- Alex Kiernan
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176184): https://lists.openembedded.org/g/openembedded-core/message/176184 Mute This Topic: https://lists.openembedded.org/mt/96373035/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
