2017-03-24 13:50 GMT+01:00 Ricardo Wurmus <rekado@elephly.net>:

>
> Catonano <catonano@gmail.com> writes:
>
> > This
> > https://sourceforge.net/projects/libxls/files/
> >
> > I attempted to build the package several times but every time the hash
> > results to be wrong.
> >
> > I correct it and then it's wrong again
> >
> > For example, I get
> >
> > @ build-failed
> > /gnu/store/dcaqrf007jxyi0jzlsakr3j7faxm122f-libxsl-1.4.0.tar.gz.drv - 1
> > output path
> > `/gnu/store/v6i85v3myb09nbsacq9ghx6yd0spcr67-libxsl-1.4.0.tar.gz' should
> > have sha256 hash `1574bcyagix5fkbs0yi2npi59y1zck23y2aia52vdv6ra3i5raid',
> > instead has `1zmsb0w6qh4vx7n7r3yijc5p4fwljyk5apzi1hwmrr5rkawmqmks'
> >
> > so I change it to
> > 1zmsb0w6qh4vx7n7r3yijc5p4fwljyk5apzi1hwmrr5rkawmqmks
> >
> > and then I get
> >
> > @ build-failed
> > /gnu/store/vsl7yz0nyklv0705jb5py015jkz3r6dg-libxsl-1.4.0.tar.gz.drv - 1
> > output path
> > `/gnu/store/wjyja461cr7kvvryp6v21q3iagf5rd8m-libxsl-1.4.0.tar.gz' should
> > have sha256 hash `1zmsb0w6qh4vx7n7r3yijc5p4fwljyk5apzi1hwmrr5rkawmqmks',
> > instead has `0fyd8h4i46qw3xii3pfa12k9k9ndmj59b552pmkpwcq7psyrbf32'
> >
> > So now it's not 1zmsb0w6qh4vx7n7r3yijc5p4fwljyk5apzi1hwmrr5rkawmqmks
> > anymore. It's
> > 0fyd8h4i46qw3xii3pfa12k9k9ndmj59b552pmkpwcq7psyrbf32
> >
> > I'm doing this with a master checkout.
> >
> > What am I missing ?
>
> Have you confirmed that the file you get is actually a tarball?
> Sometimes you might get an HTML page and Guix reports the hash for that.
>

You nailed it

I catted

/gnu/store/w1wf5d44awk0almrdrbhs8442cnzmw2b-libxsl-1.4.0.zip

which is the downloaded tarball and it contains html !

How can this be ? I'm using

(uri (string-append "mirror://sourceforge/libxsl/libxsl-"
                    version ".zip"))

The url used by icecat is
https://netassist.dl.sourceforge.net/project/libxls/libxls-1.4.0.zip

and the result is a sound tarball

How does it happen that the mirror based url leads to an html page ?


>
> In general it is better to download the tarball manually and then use
> “guix hash” on the result after confirming that the tarball is in fact
> okay (e.g. by validating signatures or inspecting it).
>

I did ! This was my first step, I inspected it ! And I hashed it

But then this whirl of hashes began

Thanks