From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id iNfvLcdXzWKMpgAAbAwnHQ (envelope-from ) for ; Tue, 12 Jul 2022 13:15:19 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id eFsYLcdXzWIMOwAAG6o9tA (envelope-from ) for ; Tue, 12 Jul 2022 13:15:19 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 635013C822 for ; Tue, 12 Jul 2022 13:15:19 +0200 (CEST) Received: from localhost ([::1]:58646 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oBDrK-0007q1-EF for larch@yhetil.org; Tue, 12 Jul 2022 07:15:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:57596) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oBDr0-0007nG-VU for help-guix@gnu.org; Tue, 12 Jul 2022 07:14:58 -0400 Received: from mout01.posteo.de ([185.67.36.65]:59143) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oBDqu-0001I0-TV for help-guix@gnu.org; Tue, 12 Jul 2022 07:14:58 -0400 Received: from submission (posteo.de [185.67.36.169]) by mout01.posteo.de (Postfix) with ESMTPS id 54D0E240029 for ; Tue, 12 Jul 2022 13:14:49 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017; t=1657624489; bh=tw7U9gElaAxHyvCaT9qL586IPcoGlAg0f7A7B+Rpfu8=; h=Date:Subject:To:Cc:From:From; b=A9sqff/T7BadrrpU2E7peNXU+NPaS1ARDVRC6YeqfTXIAKJV9zm2Rz7JumyGPcvlZ ot+yr2Ub/AMdOmLWBY11Vzhpccg2x5nRMrZF8QaZpGy0NqqlEkVrRhP72HdK7Z6pRE x+7pTMVVgCQ+x3FDEvjBFbioYpi04q1ynAtr/xAB6r9GGhxyjFHwz/mTeIFL7XmQ9/ wmtQAknE7GTBKu9n1Uj3hhg6J1PQ67zcbc875OqZg9zr2HigqiylikPF7yCz81DAZa KUoUsj3s/oZmAFWkXfwbbhvv4r3OfnJBLU3JN1E8NSg1SMiDv41yB7qridayQXwLeG 4y2qsu16ZPqgg== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4Lhyp03x7lz6tmR; Tue, 12 Jul 2022 13:14:48 +0200 (CEST) Message-ID: <49160a10-8177-9d44-646f-940859b7f663@posteo.de> Date: Tue, 12 Jul 2022 11:14:47 +0000 MIME-Version: 1.0 Subject: Re: Package definition hash calculation Content-Language: en-US To: Julien Lepiller Cc: help-guix References: <54cbdaf2-f1ef-7490-7c2a-05f63edf7d56@posteo.de> <764ABCE7-B46B-49A7-8C6F-0892BAA8C48B@lepiller.eu> <500e3084-71dd-12b3-bf37-8cc8bc47abb0@posteo.de> <96C11B7F-4808-4EAB-858B-D6E22BA566C4@lepiller.eu> From: Zelphir Kaltstahl In-Reply-To: <96C11B7F-4808-4EAB-858B-D6E22BA566C4@lepiller.eu> Received-SPF: pass client-ip=185.67.36.65; envelope-from=zelphirkaltstahl@posteo.de; helo=mout01.posteo.de X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1657624519; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=g9MOrqfQMBlkRsTyduWRDtgebEum035PEpTI2p2bcsg=; b=t6nz0+TgwTx0H10Dk5DcaDbvZ5Dd276zCe06SsAgUmEmsMJHz7W/emUKrR3xmnOWZ/0Nwt x2OtNkQkyrLktj0kBRqM5OgHtEnXihbYRzkLLaniOkFHgmpLYHCl1WRoLWIaQGSLF0yz3t NK7isaidzUlTCbG9rKpdqgi8uOdbLYLOVZGjKx/bjIjoRzkqS4WkVduYf+WBe4v66Uw74o JHvRi/+duUEcf5v/joXllYY1oMzwdY4CRAoMFbiPU6fYAw8w46rn/ja9OAeCkokhFOoXLc lYDUx31k4lUAbQ2KdS2n+JlekgHoK/0vLT9g3ZspjkrxT0ZehkF8n3r1Cc3WYg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1657624519; a=rsa-sha256; cv=none; b=r1EAZJnvGjCdqr5p91Dj2hplQOddfiSDpCZSHlHDEKqEDkH9G7pd31yMjIjzmArGBj+Vcs GIOPs6DpdlAt8N+eBik4lFiMCPnFAa4M/t1AAz1vOur9/IwCP2ySuBtHfzfNJEECfg7MsR 340hZOsk5QW1iGTmoUPoHTT9A1w5bBpWhEff0jdIURMSTpUSbjLpQ9ajjU3hhDIQZlYvZO wDW+O43y74kA+RsnIN1QvBqEm2zsdesM8AkD91TFpEjZ0qWeYOvdX6Nc9ZTmBekxf4+ges UyKCwEJD+V6MF3bzI3KbcjDtJr1dcYea+tCvmra3JFGt3txhS8ZYnYqBsMaYMA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=posteo.de header.s=2017 header.b="A9sqff/T"; dmarc=fail reason="SPF not aligned (strict)" header.from=posteo.de (policy=none); spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 6.05 Authentication-Results: aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=posteo.de header.s=2017 header.b="A9sqff/T"; dmarc=fail reason="SPF not aligned (strict)" header.from=posteo.de (policy=none); spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 635013C822 X-Spam-Score: 6.05 X-Migadu-Scanner: scn0.migadu.com X-TUID: YhkA9tGxC1hU I was updating the `guix.scm` and then calculating the hash, and then updating the `guix.scm` and then calculating the hash and so on. It's not because I don't understand, how a hash works, but because I thought, that: * I am calculating the hash in the wrong way. ("Could be there is a way, which ignores the `guix.scm` when calculating the hash, but I am doing it wrong.") * I thought, that I must have a `guix.scm` file in the repository. * I did not know about `git-checkout` as a `source` method. Now I know: One can have a guix.scm file in the repo, if it does not change at every commit, and the means to do that is `git-checkout`. The guix package definition for `gnu/packages/guile-xyz.scm` can be different and can use `url-fetch` or `git-fetch`. Thanks for clearing up my confusion! Regards, Zelphir On 7/11/22 12:18, Julien Lepiller wrote: > I don't think it's documented. > > I use guix.scm in my projects, so it's supported. I don't understand your > issue with the hash then, because now it sounds that you're cloning the same > commit everytime, so how do you get a different hash? > > Le 11 juillet 2022 11:19:25 GMT+02:00, Zelphir Kaltstahl > a écrit : > > Hello Julien! > > I did create the release tag on the latest commit, which was also the > master branch. I thought there was some clever trick to get Guix to ignore > the `guix.scm` file, when calculating the hash sum, but apparently that is > not the case. I still wonder how I made the first version of the package > though. I did not know about `git-checkout` as `source` method. Thanks for > that! > > I am unsure, whether my project must have a `guix.scm` file or not, to be > a valid Guix package in the end, when I add it to (update the entry in) > `gnu/packages/guile-xyz.scm`. Maybe a `guix.scm` in the project is not > even needed. > > Anyway, the idea makes sense to track the master using a checkout without > a hash sum, so that I don't have the problem of the hash changing any > longer. Just not sure it will work for updating the package in guix. I > will try it. > > There is no information about `git-checkout`: > https://guix.gnu.org/manual/en/html_node/origin-Reference.html Is it > elsewhere in the docs? > > Best regards, > Zelphir > > On 7/9/22 13:44, Julien Lepiller wrote: >> When you use guix download, or url-fetch, the hash is computed over the >> entire file, whether it's a tarball that contains other files or whatever >> else doesn't matter. You can't exclude files from inside the tarball. >> It's just the checksum of the file. >> >> What you describes sounds like you're downloading a tarball that's >> generated from your master instead of a particular commit. So everytime >> you push a change to guix.scm, it's a new commit and a different tar.gz >> (different checksum). So you're always chasing after the correct >> checksum, which won't work. >> >> So you can have a guix.scm in your repo, but it can't refer to a >> generated tarball from master. Instead, you could make it refer to master >> and not have to provide a hash like so: >> >> (source (git-checkout (url "https://…"))) >> >> No more chasing afcer master :) >> >> On July 9, 2022 1:09:27 PM GMT+02:00, Zelphir Kaltstahl >> wrote: >> >> Hello Guix users! >> >> I feel a bit stupid to ask about this topic again, however, to me it is not really clear, what I need to do, when calculating the hash of a package, so that I can write it in the package definition. >> >> I have a project (https://notabug.org/ZelphirKaltstahl/guile-fslib), which I have packaged before, but that was already a year ago or so, and I forgot the precise process involving the hashes. >> >> I have the following questions: >> >> (1) When I edit the `guix.scm` file and change the hash in there, make a tarball release on notabug, and then run `guix download `, I get a new hash. If I edit the guix.scm file again and repeat the process, I get a new hash … endless loop of getting a new hash and changing the file accordingly. My guess is, that this is, because `guix download` does not exclude the `guix.scm` file. I would have to manually make a `tar.gz` and upload that as a release to notabug and then reference that. – Is this correct? >> >> (2) I guess I should be using `guix hash --exclude-vcs --serializer=nar --format=??? .` instead, since my package definition makes use of the `git-fetch` method of fetching the package. I had totally forgotten about this, until I searched in old e-mails, reading old replies to previous questions I asked on this mailing list. I think it could be made clearer in the docs, which command to use in which case. However, now I am not sure which `--format=` I should use. I would guess `base32`, because in my package definition it says `(sha256 (base32 "..."))`. Is this correct? Or is the default fine? >> >> (3) What is the recommended way to update a package's source code and then "in one go" calculate the hash, update the `guix.scm` and make a proper release, which only has the appropriate files in the tarball? >> >> (4) Should a release tarball contain a `guix.scm` package definition? (My guess is not, since the hash in that file changes and that would change the tarball. Maybe I am overlooking things/magic though.) >> >> I am feeling like I am stuck in what should be a simple process, because I still have some points that are unclear to me. I try updating my guide to packaging a pure Guile package when I learn new things, so that I can read up next time I want to make a release or a new package, but a few things are still missing or unclear. >> >> Thank you for all your help! >> >> Best regards, >> Zelphir >> >> -- repositories: https://notabug.org/ZelphirKaltstahl >> > -- > repositories:https://notabug.org/ZelphirKaltstahl > -- repositories:https://notabug.org/ZelphirKaltstahl