From: Nicolas Graves <ngraves@ngraves.fr>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: guix-devel@gnu.org
Subject: Re: Custom sha256 updaters ?
Date: Thu, 26 Sep 2024 16:37:17 +0200 [thread overview]
Message-ID: <87r096fplu.fsf@ngraves.fr> (raw)
In-Reply-To: <87tte2msxb.fsf@gnu.org>
On 2024-09-26 15:43, Ludovic Courtès wrote:
> Hi,
>
> Nicolas Graves <ngraves@ngraves.fr> skribis:
>
>> Has there already been some discussion about custom hash updaters? I
>> have written an import module for libreoffice, and we have access to the
>> sha256 hash in for example
>>
>> https://download.documentfoundation.org/libreoffice/src/24.2.6/libreoffice-24.2.6.2.tar.xz.sha256
>>
>> which would make it trivial to update without having to download 267MiB
>> of data twice.
>>
>> However, %method-updates doesn't seem to allow such a flexibility for
>> now. Maybe a custom field for a function in <upstream-updater> could be
>> possible? WDYT?
>
> This hasn’t been discussed before, but allow me to be skeptical. :-)
>
> First because if you run ‘guix refresh -u’, surely you’ll want to
> download the file (and note that it downloads it once, not twice,
> because the file goes into the store).
That's true. For packages without a refresh method, most of the time
I download twice though.
> Second because I think we want to encourage packagers to authenticate
> source tarballs, and files containing lists of hashes are not helpful
> for that.
I was not asking for files containing lists of hashes but rather a
function field in updaters that would be able to quickly output the
hash. In this case, it could simply go read that .sha256 file, convert
to base32, and we have the hash.
I guess it's actually more useful when creating packages rather than
refreshing them indeed. I did something like that in a nonguix PR and it
helped a lot to generate definitions based on hashes online rather than
fetching 15*40 Mo twice (this time twice ;)). I've forgotten I've used
that more for creation than refreshing. And while creating packages,
the cache is not always the store, hence the twice too.
>
> Does that make sense?
Yes, let's drop that and I'll just remember that this might sometimes be
useful but importer-specific.
--
Best regards,
Nicolas Graves
prev parent reply other threads:[~2024-09-26 14:38 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-20 23:20 Custom sha256 updaters ? Nicolas Graves
2024-09-26 13:43 ` Ludovic Courtès
2024-09-26 14:37 ` Nicolas Graves [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r096fplu.fsf@ngraves.fr \
--to=ngraves@ngraves.fr \
--cc=guix-devel@gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).