[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#28745: [PATCH] tarballs generated on github are generated on demand
bug#28745: [PATCH] tarballs generated on github are generated on demand (leading to different hash sums)
Fri, 20 Oct 2017 23:04:43 +0200
Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)
Maxim Cournoyer <address@hidden> skribis:
> I could finish a script that helped me finding all of our affected
> packages, verify that only the hash but not the content of the archives
> had changed, as well as automate the hash update for those safe to
> Attached is the patch and the scripts I used. I think we might
> want to reuse some of it to extend guix lint to warn packagers that
> archives coming from .*github.*archives URL are not guaranteed to be
> stable and that it would be better, if available, to use manually
> uploaded releases archives.
Unfortunately, it’s become commonplace to publish nothing else than a
Git tag. Now, in those cases, we could also use ‘git-fetch’, which
wouldn’t be affected by problems with generated tarballs.
> PS: I've also uploaded the scripts here:
> https://notabug.org/apteryx/fiasco for ease of cloning. Any comments
> about my nascent (ab)use of Scheme are welcome!
The code looks nice!
> From 774a764149ecb0e234ae09c9a0a273af671c3c86 Mon Sep 17 00:00:00 2001
> From: Maxim Cournoyer <address@hidden>
> Date: Sun, 15 Oct 2017 22:17:12 -0400
> Subject: [PATCH] gnu: packages: Fix the hashes of mutated GitHub archives.
> Fixes bug https://bugs.gnu.org/28745.
> * gnu/packages/audio.scm (csound): Fix hash.
> * gnu/packages/engineering.scm (fritzing): Likewise.
> * gnu/packages/erlang.scm (erlang): Likewise.
> * gnu/packages/fonts.scm (font-google-material-design-icons): Likewise.
> * gnu/packages/graphics.scm (ogre): Likewise.
> * gnu/packages/java.scm (java-plexus-interpolation, antlr3): Likewise.
> * gnu/packages/serialization.scm (yaml-cpp): Likewise.
> * gnu/packages/version-control.scm (libgit2): Likewise.
I’ve checked the hashes by running:
./pre-inst-env guix build -S --no-substitutes csound fritzing erlang \
font-google-material-design-icons ogre java-plexus-interpolation \
antlr3 yaml-cpp libgit2 --max-jobs=2
and everything went well.
Pushed as fd75eb6cd4e5c689f9e6ce7dd8d87f423778d308, thanks!