From unknown Sun Aug 17 04:15:56 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#20428 <20428@debbugs.gnu.org> To: bug#20428 <20428@debbugs.gnu.org> Subject: Status: git-fetch does not always validate hash Reply-To: bug#20428 <20428@debbugs.gnu.org> Date: Sun, 17 Aug 2025 11:15:56 +0000 retitle 20428 git-fetch does not always validate hash reassign 20428 guix submitter 20428 Ricardo Wurmus severity 20428 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 26 09:13:39 2015 Received: (at submit) by debbugs.gnu.org; 26 Apr 2015 13:13:39 +0000 Received: from localhost ([127.0.0.1]:40198 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1YmMNO-0005Mt-FZ for submit@debbugs.gnu.org; Sun, 26 Apr 2015 09:13:38 -0400 Received: from eggs.gnu.org ([208.118.235.92]:38139) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1YmMNK-0005Me-Su for submit@debbugs.gnu.org; Sun, 26 Apr 2015 09:13:35 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YmMNE-0000rB-Mp for submit@debbugs.gnu.org; Sun, 26 Apr 2015 09:13:29 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:50596) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YmMNE-0000r7-Jk for submit@debbugs.gnu.org; Sun, 26 Apr 2015 09:13:28 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:51642) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YmMND-0005Ux-K1 for bug-guix@gnu.org; Sun, 26 Apr 2015 09:13:28 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YmMNA-0000qm-Cj for bug-guix@gnu.org; Sun, 26 Apr 2015 09:13:27 -0400 Received: from sender1.zohomail.com ([74.201.84.162]:53353) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YmMNA-0000pF-5Y for bug-guix@gnu.org; Sun, 26 Apr 2015 09:13:24 -0400 Received: from localhost (x4d0c9f41.dyn.telefonica.de [77.12.159.65]) by mx.zohomail.com with SMTPS id 143005400109754.06889249794722; Sun, 26 Apr 2015 06:13:21 -0700 (PDT) From: Ricardo Wurmus To: bug-guix@gnu.org Subject: git-fetch does not always validate hash Date: Sun, 26 Apr 2015 15:13:16 +0200 Message-ID: <87lhhfyqvn.fsf@mango.localdomain> MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4.x X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.0 (----) I'm currently playing with the elogind package recipe and I'm occasionally updating my clone of the elogind git repository. Whenever I do I update the value of "commit" in the package definition: (define-public elogind (let ((commit "18ee7abc9a")) (package (name "elogind") (version (string-append "219." commit)) (source (origin (method git-fetch) (uri (git-reference (url "http://git.elephly.net/software/elogind.git") (commit commit))) (sha256 (base32 "0lg8jgp9rl3wf9w2xfip87nx9zpjhm4js7x1z05744xiyfmvawp5")))) ;; ... (license license:lgpl2.1+)))) Upon rebuilding the package from a new commit I would expect the build to fail with a hash validation error as I have not updated the hash yet. However, the build procedure just continues. I noticed that the git checkout is still the very same as before I updated the value of "commit". I cannot seem to reliably force a new git checkout. From debbugs-submit-bounces@debbugs.gnu.org Fri May 01 16:21:59 2015 Received: (at 20428-done) by debbugs.gnu.org; 1 May 2015 20:21:59 +0000 Received: from localhost ([127.0.0.1]:58949 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1YoHRe-0008Ir-E2 for submit@debbugs.gnu.org; Fri, 01 May 2015 16:21:58 -0400 Received: from fencepost.gnu.org ([208.118.235.10]:45482 ident=Debian-exim) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1YoHRc-0008Ih-75 for 20428-done@debbugs.gnu.org; Fri, 01 May 2015 16:21:56 -0400 Received: from reverse-83.fdn.fr ([80.67.176.83]:37844 helo=pluto) by fencepost.gnu.org with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1YoHRa-0001JD-Jf; Fri, 01 May 2015 16:21:54 -0400 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Ricardo Wurmus Subject: Re: bug#20428: git-fetch does not always validate hash References: <87lhhfyqvn.fsf@mango.localdomain> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 12 =?utf-8?Q?Flor=C3=A9al?= an 223 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x3D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Fri, 01 May 2015 22:21:52 +0200 In-Reply-To: <87lhhfyqvn.fsf@mango.localdomain> (Ricardo Wurmus's message of "Sun, 26 Apr 2015 15:13:16 +0200") Message-ID: <87lhh89hgf.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 20428-done Cc: 20428-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Ricardo Wurmus skribis: > Upon rebuilding the package from a new commit I would expect the build > to fail with a hash validation error as I have not updated the hash yet. > However, the build procedure just continues. I noticed that the git > checkout is still the very same as before I updated the value of > "commit". I cannot seem to reliably force a new git checkout. Indeed, origins compile to fixed-output derivations, meaning that these are special derivations whose output is known in advance (rather, the SHA256 is the output is known in advance.) Thus, it doesn=E2=80=99t matter= how the derivation produces its result as long as its output has the correct hash. When you leave the =E2=80=98sha256=E2=80=99 unchanged, the daemon notices t= hat there=E2=80=99s already an item with this name and hash in the store, so it does nothing. This is expected behavior, though I understand this can be error-prone here. To avoid that, you could add a =E2=80=98file-name=E2=80=99 field to the ori= gin that includes the commit: (file-name (string-append name "-checkout-" commit)) Thus, if you change the commit without changing the hash, the daemon will still want to build the origin (because of the changed name) and will eventually complain about the hash mismatch. Thanks, Ludo=E2=80=99. From unknown Sun Aug 17 04:15:56 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Sat, 30 May 2015 11:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator