https://openwrt.org/docs/guide-developer/packages#use_source_repository
What is the point of pkg_mirror_hash if I first have to download it and make a tarball to check the checksum and then put that checksum in the makefile and then download the package again to actually use it in the build and ”hey it was the same as the first one I downloaded”?
And then what? Am I supposed to do this procedure for every future commit on that package?
It's used in Makefiles that use PKG_SOURCE_PROTO (instead of a normal tarball download). OpenWrt buildbots store the source package on OpenWrt servers, so when a user builds the package it's not required to checkout the source tree again, instead the source package can be downloaded from OpenWrt mirror. And then PKG_MIRROR_HASH is used to verify that the source package has not been tampered with.
Works for GIT, doesn't work for SVN. I don't know about the other protocols.
So if I understand you and the second link (the forum link) you provided right I don't need to use it when building my own builds.
It seems to be for for the buildbots to easy reuse the already build package?
You don't need to use it. But there is a clear benefit using it for the local scenario as well. If you don't use it then whenever you rebuild your package the build system will checkout the source again (e.g. from an upstream git repository). But if you do use it and the hash is correct, then it will just reuse the source package that it keeps locally in your dl folder. So you save time and bandwidth.