From mboxrd@z Thu Jan 1 00:00:00 1970 From: Efraim Flashner Subject: Re: Software Heritage API Date: Wed, 23 Aug 2017 22:12:38 +0300 Message-ID: <20170823191238.GJ2484@macbook42.flashner.co.il> References: <878tpj8xye.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="M9pltayyoy9lWEMH" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:56706) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dkb54-00051A-Rf for guix-devel@gnu.org; Wed, 23 Aug 2017 15:12:47 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dkb51-0002Z6-Jh for guix-devel@gnu.org; Wed, 23 Aug 2017 15:12:46 -0400 Content-Disposition: inline In-Reply-To: <878tpj8xye.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?utf-8?Q?Court=C3=A8s?= Cc: Guix-devel --M9pltayyoy9lWEMH Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Feb 06, 2017 at 10:34:17AM +0100, Ludovic Court=C3=A8s wrote: > Hello Guix! >=20 > I couldn=E2=80=99t attend the Software Heritage talk at FOSDEM, but they = had > good news: >=20 > https://www.softwareheritage.org/2017/02/04/archive-api/ >=20 > The API is currently limited to meta-data (retrieving the actual data > returns 401.) Still that looks pretty cool already. >=20 > Ludo=E2=80=99. >=20 I've kept this tagged to take a look at it later. I checked the sha1sum of swig-3.0.10.tar.gz and it gave me a valid URL. https://archive.softwareheritage.org/api/1/content/c672b8535394cfb204c70de7= c66e69fb20a95647/ https://archive.softwareheritage.org/api/1/content/sha1:c672b8535394cfb204c= 70de7c66e69fb20a95647/ https://archive.softwareheritage.org/api/1/content/sha256:2939aae39dec06095= 462f1b95ce1c958ac80d07b926e48871046d17c0094f44c/ If you take a look at the page(s), '/raw' can only be appended to the sha1 (or blank) URLs to download the source, which currently returns 401. Currently our "magic mirrors" search hydra based on the hash; in order to check here also for the source we'd have to undo the base32 hash, and then either transform the sha256 hash to a sha1 hash, or use two API calls, the first to check for the source and the second to get and use the url to download it. A quick check online makes me think it's not possible to take a sha256 hash and get the sha1 hash of that file. --=20 Efraim Flashner =D7=90=D7=A4=D7=A8=D7=99=D7=9D = =D7=A4=D7=9C=D7=A9=D7=A0=D7=A8 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --M9pltayyoy9lWEMH Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAlmd05sACgkQQarn3Mo9 g1GubBAAu3wkALxXzj9E8UJziP6oMvtiv1mfltLCJEzkzgE6qGQxn3M8qVz1NDh3 /V343QyePxJDcgxauRe0h4neLAbnPINGKQY4j3E967gNbGNKbH9v41/W+F97Cfl4 52Ywpdg+mqFbXvQDLK1yYZkQnTSHpiUH7BftnLUpQjQukYgnMYDmRyytOcFkO2bm mXZcYE0/TSfL8eqCibcDHJ86YV2k10DR3OSxhxSCY1k//7FGarTVaIUXpbcqgnBK 05WDh5P1jKXDTmKaav6KvlC7oOKO9mqMmuynDcqoXTa+kmPsQbJToe51RvG/vjou gEpNU7xjzRXFYIBPQHArxgSsV9vLC1TS6GrsLyDjvzeoUv7egkdzXPCMVQ+10hxA tfdQS07kDJxxHagZ5ajrR7se8QdKQyVoWJLd1GU7iQIUCfuThK26VIrf02ZE4QUA yDZvnVYkeUVXIPZEScjPFo1/gY29GlszjUghW20BGUyFDWyY2IBfRs1CVRVcU04M hDDIBdeiLkGqHqLfiXiCMPtZC1XmsHZpjnjH/vwcO9Qz8ueUf5YtjofcsM0MA1Hv fyFD+pLL8whsNvsZYru14s5Vg1UDCvTgGXRLhpB3Yp1q/mzzY4AtCttoVpEbelWb fRb2XxstqvpdqzBKQcUIISzG36LoJ7RF4d2Y6+9Ku4ZJsyG5ASg= =WK5z -----END PGP SIGNATURE----- --M9pltayyoy9lWEMH--