From a20e75f45bcf156e472b7135b04e1f4f8fd70ce4 Mon Sep 17 00:00:00 2001
From: Scott Rifenbark <scott.m.rifenbark@intel.com>
Date: Tue, 5 Aug 2014 08:38:02 +0300
Subject: dev-manual: Review edits to how to find checksum values.

Edits from Paul to better word this section.

(From yocto-docs rev: 51425ab506050ee5ba30d5c3c10639d5a1b8cc8e)

Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../dev-manual/dev-manual-common-tasks.xml         | 33 +++++++++++-----------
 1 file changed, 17 insertions(+), 16 deletions(-)

(limited to 'documentation/dev-manual')

diff --git a/documentation/dev-manual/dev-manual-common-tasks.xml b/documentation/dev-manual/dev-manual-common-tasks.xml
index e5c1649f57..0218dc59fd 100644
--- a/documentation/dev-manual/dev-manual-common-tasks.xml
+++ b/documentation/dev-manual/dev-manual-common-tasks.xml
@@ -1797,10 +1797,10 @@
             </para>
 
             <para>
-                Finding proper values for <filename>md5</filename> and
-                <filename>sha256</filename> checksums can involve some work.
-                Initially, you should locate any available signatures from
-                the upstream source (i.e. <filename>md5</filename>,
+                Proper values for <filename>md5</filename> and
+                <filename>sha256</filename> checksums might be available
+                with other signatures on the download page for the upstream
+                source (e.g. <filename>md5</filename>,
                 <filename>sha1</filename>, <filename>sha256</filename>,
                 <filename>GPG</filename>, and so forth).
                 Because the OpenEmbedded build system only deals with
@@ -1809,18 +1809,19 @@
             </para>
 
             <para>
-                After you have verified as many signatures as you can,
-                you can use a "build-fail" method that retrieves the exact
-                <filename>sha256sum</filename> and <filename>md5sum</filename>
-                checksums you need.
-                To use the "build-fail" method, comment the
-                <filename>SRC_URI</filename> statements out that provide the
-                checksums and then attempt to build the software.
-                The build will produce an error for each missing checksum
-                and as part of the error message provide the correct checksum
-                string.
-                Once you have the correct checksums, simply copy them into your
-                recipe for a subsequent build.
+                If no <filename>SRC_URI</filename> checksums are specified
+                when you attempt to build the recipe, the build will produce
+                an error for each missing checksum.
+                As part of the error message, the build system provides
+                the checksum string corresponding to the fetched file.
+                Once you have the correct checksums, you can copy and paste
+                them into your recipe and then run the build again to continue.
+                <note>
+                    As mentioned, if the upstream source provides signatures
+                    for verifying the downloaded source code, you should
+                    verify those manually before setting the checksum values
+                    in the recipe and continuing with the build.
+                </note>
             </para>
 
             <para>
-- 
cgit v1.2.3-54-g00ecf