GNU bug report logs - #28745
tarballs generated on github are generated on demand (leading to different hash sums)

Previous Next

Package: guix;

Reported by: ng0 <ng0 <at> infotropique.org>

Date: Sun, 8 Oct 2017 11:41:01 UTC

Severity: important

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: bug#28745 <28745 <at> debbugs.gnu.org>
Subject: bug#28745: [PATCH] tarballs generated on github are generated on demand (leading to different hash sums)
Date: Sun, 15 Oct 2017 23:10:43 -0400

[Message part 1 (text/plain, inline)]
Hello,

I could finish a script that helped me finding all of our affected
packages, verify that only the hash but not the content of the archives
had changed, as well as automate the hash update for those safe to
update.

Attached is the patch and the scripts I used. I think we might
want to reuse some of it to extend guix lint to warn packagers that
archives coming from .*github.*archives URL are not guaranteed to be
stable and that it would be better, if available, to use manually
uploaded releases archives.

Thanks!

Maxim

PS: I've also uploaded the scripts here:
https://notabug.org/apteryx/fiasco for ease of cloning. Any comments
about my nascent (ab)use of Scheme are welcome!


[0001-gnu-packages-Fix-the-hashes-of-mutated-GitHub-archiv.patch (text/x-patch, attachment)]
[Message part 3 (text/plain, attachment)]
[Message part 4 (text/plain, attachment)]
[Message part 5 (text/plain, attachment)]
This bug report was last modified 7 years and 209 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.