GNU bug report logs - #52591
downloading from software archives as default even if version is wrong

Previous Next

Package: guix;

Reported by: Andy Tai <lichengtai <at> gmail.com>

Date: Fri, 17 Dec 2021 23:42:02 UTC

Severity: normal

Full log

View this message in rfc822 format

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Maxime Devos <maximedevos <at> telenet.be>
Cc: lichengtai <at> gmail.com, 52591 <at> debbugs.gnu.org
Subject: bug#52591: downloading from software archives as default even if version is wrong
Date: Sat, 18 Dec 2021 01:06:48 +0100

[Message part 1 (text/plain, inline)]
Maxime Devos 写道:
> You forgot to update the sha256 hash.

That's it, in a nutshell!

> which at this time shall fail as I have not updated the hash 
> checksum.

No, that's the reason it *succeeds*!

Guix is mostly content-addressed, meaning that the hash identifies 
a file.  If you don't change the hash, you're not asking for a new 
file, by definition.  URLs are like directions (hence: ‘locator’), 
not identifiers.

You can easily generate a bogus-but-valid hash by negating the 
first digit, which (in nix-base32 at least), can only be either 0 
or 1.  Guix will then print the correct hash of whatever it found 
at the URI you specified.

OK to close as NOTABUG?

Kind regards,

T G-R

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 3 years and 179 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.