* gzip-1.7.tar.gz hash mismatch on core-updates
@ 2016-04-07 22:12 Ludovic Courtès
2016-04-08 6:20 ` Efraim Flashner
0 siblings, 1 reply; 3+ messages in thread
From: Ludovic Courtès @ 2016-04-07 22:12 UTC (permalink / raw)
To: Efraim Flashner; +Cc: Guix-devel
[-- Attachment #1: Type: text/plain, Size: 1993 bytes --]
Hi!
Commit ea5d388257664d703df23cf3eb0da7b6546d6c42 updates gzip to 1.7.
Its specified SHA256 is:
1as1ddq58spflzz5kxm0ni0xfpswrkkrncjpxyb3aw77gizcacgv
However, when downloading right now, I get a different hash:
--8<---------------cut here---------------start------------->8---
$ guix download mirror://gnu/gzip/gzip-1.7.tar.gz
Starting download of /tmp/guix-file.EtGdvV
From http://ftpmirror.gnu.org/gzip/gzip-1.7.tar.gz...
following redirection to `http://mirror1.babylon.network/gnu/gzip/gzip-1.7.tar.gz'...
gzip-1.7.tar.gz 1.1MiB 740KiB/s 00:02 [####################] 100.0%
/gnu/store/81229hs4j6yyk2hraka505rjp41b9nrs-gzip-1.7.tar.gz
010rjpxh2vg3qfzph9lx7a35gfs5imkg2mkri26620bqihbsmjzc
$ guix download mirror://gnu/gzip/gzip-1.7.tar.gz.sig
Starting download of /tmp/guix-file.jK41ds
From http://ftpmirror.gnu.org/gzip/gzip-1.7.tar.gz.sig...
following redirection to `http://mirror.ibcp.fr/pub/gnu/gzip/gzip-1.7.tar.gz.sig'...
gzip-1.7.tar.gz.sig 801B 2.1MiB/s 00:00 [####################] 100.0%
/gnu/store/r511bm51719l80j1xijflmyfyd3691pd-gzip-1.7.tar.gz.sig
03j0bcydran7fas42sm1lxf09qcjwp4c2y9rzp42zj088mx6s32b
$ gpg --verify /gnu/store/r511bm51719l80j1xijflmyfyd3691pd-gzip-1.7.tar.gz.sig /gnu/store/81229hs4j6yyk2hraka505rjp41b9nrs-gzip-1.7.tar.gz
gpg: Signature made Mon 28 Mar 2016 06:05:12 AM CEST using RSA key ID 000BEEEE
gpg: Good signature from "Jim Meyering <jim@meyering.net>" [full]
gpg: aka "Jim Meyering <meyering@gnu.org>" [full]
gpg: aka "Jim Meyering <meyering@fb.com>" [undefined]
--8<---------------cut here---------------end--------------->8---
Could you check if you have a copy of gzip-1.7.tar.gz with the hash
that’s in the repo (using ‘guix build -S gzip’ in ‘core-updates’) and if
so, send the diff?
(I’d like to know if it’s a mistake or if gzip-1.7.tar.gz has been
modified in place on ftp.gnu.org.)
Thanks in advance. :-)
Ludo’.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: gzip-1.7.tar.gz hash mismatch on core-updates
2016-04-07 22:12 gzip-1.7.tar.gz hash mismatch on core-updates Ludovic Courtès
@ 2016-04-08 6:20 ` Efraim Flashner
2016-04-09 14:45 ` Ludovic Courtès
0 siblings, 1 reply; 3+ messages in thread
From: Efraim Flashner @ 2016-04-08 6:20 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: Guix-devel
[-- Attachment #1: Type: text/plain, Size: 3930 bytes --]
On Fri, Apr 08, 2016 at 12:12:41AM +0200, Ludovic Courtès wrote:
> Hi!
>
> Commit ea5d388257664d703df23cf3eb0da7b6546d6c42 updates gzip to 1.7.
> Its specified SHA256 is:
>
> 1as1ddq58spflzz5kxm0ni0xfpswrkkrncjpxyb3aw77gizcacgv
>
> However, when downloading right now, I get a different hash:
>
> --8<---------------cut here---------------start------------->8---
> $ guix download mirror://gnu/gzip/gzip-1.7.tar.gz
>
> Starting download of /tmp/guix-file.EtGdvV
> From http://ftpmirror.gnu.org/gzip/gzip-1.7.tar.gz...
> following redirection to `http://mirror1.babylon.network/gnu/gzip/gzip-1.7.tar.gz'...
> gzip-1.7.tar.gz 1.1MiB 740KiB/s 00:02 [####################] 100.0%
> /gnu/store/81229hs4j6yyk2hraka505rjp41b9nrs-gzip-1.7.tar.gz
> 010rjpxh2vg3qfzph9lx7a35gfs5imkg2mkri26620bqihbsmjzc
> $ guix download mirror://gnu/gzip/gzip-1.7.tar.gz.sig
>
> Starting download of /tmp/guix-file.jK41ds
> From http://ftpmirror.gnu.org/gzip/gzip-1.7.tar.gz.sig...
> following redirection to `http://mirror.ibcp.fr/pub/gnu/gzip/gzip-1.7.tar.gz.sig'...
> gzip-1.7.tar.gz.sig 801B 2.1MiB/s 00:00 [####################] 100.0%
> /gnu/store/r511bm51719l80j1xijflmyfyd3691pd-gzip-1.7.tar.gz.sig
> 03j0bcydran7fas42sm1lxf09qcjwp4c2y9rzp42zj088mx6s32b
> $ gpg --verify /gnu/store/r511bm51719l80j1xijflmyfyd3691pd-gzip-1.7.tar.gz.sig /gnu/store/81229hs4j6yyk2hraka505rjp41b9nrs-gzip-1.7.tar.gz
> gpg: Signature made Mon 28 Mar 2016 06:05:12 AM CEST using RSA key ID 000BEEEE
> gpg: Good signature from "Jim Meyering <jim@meyering.net>" [full]
> gpg: aka "Jim Meyering <meyering@gnu.org>" [full]
> gpg: aka "Jim Meyering <meyering@fb.com>" [undefined]
> --8<---------------cut here---------------end--------------->8---
>
> Could you check if you have a copy of gzip-1.7.tar.gz with the hash
> that’s in the repo (using ‘guix build -S gzip’ in ‘core-updates’) and if
> so, send the diff?
>
> (I’d like to know if it’s a mistake or if gzip-1.7.tar.gz has been
> modified in place on ftp.gnu.org.)
>
> Thanks in advance. :-)
>
> Ludo’.
efraim@debian-netbook:~/workspace/guix$ guix import gnu gzip
Starting download of /tmp/guix-file.EhzyfG
From ftp://ftp.gnu.org/gnu/gzip/gzip-1.7.tar.xz...
gzip-1.7.tar.xz 746KiB 554KiB/s 00:01
[####################] 100.0%
Starting download of /tmp/guix-file.4OjzCw
From ftp://ftp.gnu.org/gnu/gzip/gzip-1.7.tar.xz.sig...
gzip-1.7.tar.xz.sig 801B 83KiB/s 00:00
[####################] 100.0%
gpg: Signature made Mon 28 Mar 2016 07:05:12 AM IDT using RSA key ID
000BEEEE
gpg: Good signature from "Jim Meyering <jim@meyering.net>" [undefined]
gpg: aka "Jim Meyering <meyering@fb.com>" [undefined]
gpg: aka "Jim Meyering <meyering@gnu.org>" [undefined]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 155D 3FC5 00C8 3448 6D1E EA67 7FD9 FCCB 000B EEEE
(package
(name "gzip")
(version "1.7")
(source
(origin
(method url-fetch)
(uri (string-append
"mirror://gnu/gzip/gzip-"
version
".tar.xz"))
(sha256
(base32
"1as1ddq58spflzz5kxm0ni0xfpswrkkrncjpxyb3aw77gizcacgv"))))
...
It looks like `guix import gnu gzip` downloaded the .tar.xz copy, and
that it also added it to the store, so when I built it the tarball was
already in the store and I didn't notice that I forgot to change it from
.tar.gz to .tar.xz.
--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: gzip-1.7.tar.gz hash mismatch on core-updates
2016-04-08 6:20 ` Efraim Flashner
@ 2016-04-09 14:45 ` Ludovic Courtès
0 siblings, 0 replies; 3+ messages in thread
From: Ludovic Courtès @ 2016-04-09 14:45 UTC (permalink / raw)
To: Efraim Flashner; +Cc: Guix-devel
Efraim Flashner <efraim@flashner.co.il> skribis:
> It looks like `guix import gnu gzip` downloaded the .tar.xz copy, and
> that it also added it to the store, so when I built it the tarball was
> already in the store and I didn't notice that I forgot to change it from
> .tar.gz to .tar.xz.
OK, thanks for letting us know.
It should be more convenient to use ‘guix refresh -u gzip’ here.
Normally ‘guix refresh’ honors the current tarball extension when there
are several possible choices. If it does not, that’s a bug.
Ludo’.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-04-09 14:45 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-04-07 22:12 gzip-1.7.tar.gz hash mismatch on core-updates Ludovic Courtès
2016-04-08 6:20 ` Efraim Flashner
2016-04-09 14:45 ` Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).