GNU bug report logs - #28745
tarballs generated on github are generated on demand (leading to different hash sums)

Previous Next

Package: guix;

Reported by: ng0 <ng0 <at> infotropique.org>

Date: Sun, 8 Oct 2017 11:41:01 UTC

Severity: important

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: ludo <at> gnu.org (Ludovic Courtès)
Cc: bug#28745 <28745-done <at> debbugs.gnu.org>
Subject: bug#28745: [PATCH] tarballs generated on github are generated on demand (leading to different hash sums)
Date: Sat, 21 Oct 2017 23:13:36 -0400

ludo <at> gnu.org (Ludovic Courtès) writes:

> Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis:
>
[...]
>
>> Attached is the patch and the scripts I used. I think we might
>> want to reuse some of it to extend guix lint to warn packagers that
>> archives coming from .*github.*archives URL are not guaranteed to be
>> stable and that it would be better, if available, to use manually
>> uploaded releases archives.
>
> Unfortunately, it’s become commonplace to publish nothing else than a
> Git tag.  Now, in those cases, we could also use ‘git-fetch’, which
> wouldn’t be affected by problems with generated tarballs.
>
> Thoughts?

I think the status quo is reasonable for now; if this becomes a recurring
problem we can reopen the issue and do something more about it.

>> PS: I've also uploaded the scripts here:
>> https://notabug.org/apteryx/fiasco for ease of cloning. Any comments
>> about my nascent (ab)use of Scheme are welcome!
>
> The code looks nice!

OK, that's reassuring! :)

>
>> From 774a764149ecb0e234ae09c9a0a273af671c3c86 Mon Sep 17 00:00:00 2001
>> From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
>> Date: Sun, 15 Oct 2017 22:17:12 -0400
>> Subject: [PATCH] gnu: packages: Fix the hashes of mutated GitHub archives.
>>
>> Fixes bug https://bugs.gnu.org/28745.
>>
>> * gnu/packages/audio.scm (csound): Fix hash.
>> * gnu/packages/engineering.scm (fritzing): Likewise.
>> * gnu/packages/erlang.scm (erlang): Likewise.
>> * gnu/packages/fonts.scm (font-google-material-design-icons): Likewise.
>> * gnu/packages/graphics.scm (ogre): Likewise.
>> * gnu/packages/java.scm (java-plexus-interpolation, antlr3): Likewise.
>> * gnu/packages/serialization.scm (yaml-cpp): Likewise.
>> * gnu/packages/version-control.scm (libgit2): Likewise.
>
> I’ve checked the hashes by running:
>
>   ./pre-inst-env guix build -S --no-substitutes csound fritzing erlang \
>      font-google-material-design-icons ogre java-plexus-interpolation \
>      antlr3 yaml-cpp libgit2  --max-jobs=2
>
> and everything went well.
>
> Pushed as fd75eb6cd4e5c689f9e6ce7dd8d87f423778d308, thanks!
>
> Ludo’.

Thanks!

Maxim
This bug report was last modified 7 years and 209 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.