[ANN] U-Boot v2020.07-rc3 released

Tom Rini trini at konsulko.com
Tue May 26 15:50:05 CEST 2020 

On Tue, May 26, 2020 at 01:15:36PM +0000, Alexey Brodkin wrote:
> Hi Tom, Wolfgang,
> 
> > > In message <CALeDE9MGoubGU7KgEHZaHtHAcv2E4wasHgewNQMsL3_KFJzEzQ at mail.gmail.com> you wrote:
> > > > >
> > > > > I'm going to continue with the every-other-week RC schedule and release on
> > > > > July 6th.  I'm currently planning to branch -next on June 8th but PRs
> > > > > can be posted sooner and I'll get them queued up.  Thanks all!
> > > >
> > > > Is there a tar file?
> > >
> > > There is no need for (static) tarballs, as you can always download
> > > one dynamically from the gitlab interface.
> > >
> > > Go to https://gitlab.denx.de/u-boot/u-boot , then clock on the
> > > "Download" symbol, which looks something like this:
> > >
> > >         ||
> > >         \/
> > >       |____|
> > >
> > > It's labeled "Download source code", and you can select for example
> > > "tar.bz2" download format.
> > 
> > The problem is that unless this is unlike the github interface the
> > tarballs are deleted / recreated at times and so the checksums change.
> > In OpenEmbedded land this is worked around by using the githash for a
> > specific tag and fetching that way.  I don't know if Fedora/etc support
> > a similar mechanism.
> 
> That might be quite unfortunate if we stop producing "static" tarballs with
> known checksums as in build-systems like Buildroot tarballs are still preferable
> or at least simpler way of dealing with new versions.
> 
> Or at least if creation of "static tarballs" won't be supported looking forward
> it might be good to make people aware of that somehow :)
> 
> Also cannot we use "Releases" feature of GitLab?
> See https://gitlab.denx.de/help/user/project/releases/index.
> Not sure if in case of "releases" tarballs could be still regenerated at some
> point but even in that case we may "attach" "manually" created "assets" which will
> have a known checksums and those are for sure as static as it can be.

I might be missing something but while I do see things about how to have
(and show "verified") signed commits, I don't see that we can do that on
tags.  I can script the release process but I think we would move from
the release tag being signed to the commit being signed.  Which isn't
awful I suppose, but is a change.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot-board-maintainers/attachments/20200526/65017418/attachment.sig>

More information about the U-Boot-Board-Maintainers mailing list