From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52022) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fGlvS-0006gW-2y for guix-patches@gnu.org; Thu, 10 May 2018 09:48:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fGlvO-0002ER-3n for guix-patches@gnu.org; Thu, 10 May 2018 09:48:06 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:48179) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fGlvN-0002EM-Sn for guix-patches@gnu.org; Thu, 10 May 2018 09:48:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1fGlvN-0002zz-Ls for guix-patches@gnu.org; Thu, 10 May 2018 09:48:01 -0400 Subject: [bug#31395] [PATCH 2/2] gnu: Add snap. Resent-Message-ID: Date: Thu, 10 May 2018 08:47:22 -0500 From: Eric Bavier Message-ID: <20180510084722.6df5e6b9@centurylink.net> In-Reply-To: <87y3grpsgn.fsf@nicolasgoaziou.fr> References: <20180509214622.28928-1-mail@nicolasgoaziou.fr> <20180509214622.28928-2-mail@nicolasgoaziou.fr> <20180509213625.5fa4db0a@centurylink.net> <87y3grpsgn.fsf@nicolasgoaziou.fr> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/dSYYrUTe64FNQ9iDujVJfT7"; protocol="application/pgp-signature" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Nicolas Goaziou Cc: 31395@debbugs.gnu.org --Sig_/dSYYrUTe64FNQ9iDujVJfT7 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Thu, 10 May 2018 15:10:00 +0200 Nicolas Goaziou wrote: > Hello, >=20 > Eric Bavier writes: >=20 > >> + (uri (string-append > >> + "https://github.com/jmoenig/Snap--Build-Your-Own-Blocks/= archive/" > >> + version ".tar.gz")) =20 > > > > I think we're trying to stay away from Github's auto-generated tarballs > > now, because they are not guaranteed to remain the same over time. > > > > Unfortunately this project doesn't seem to upload its own release > > tarballs. I would instead use a git checkout. =20 >=20 > Version is a tag, therefore a commit, so I would think it should remain > identical over time. Besides a number of packages use this (e.g., > audacity...) It's worse than that. See e.g. https://marc.info/?l=3Dopenbsd-ports&m=3D151973450514279&w=3D2 Many other packages use it because the issue was only brought to light more recently. >=20 > Granted, I'm not well-versed in Github technology. Yet, using a git > checkout slightly complicates the package, and its subsequent updates, > so I'd rather only use it if absolutely necessary. >=20 > WDYT? I don't think it would make the package more difficult. If anything I think it could make it easier. E.g. it wouldn't need the tar and gzip inputs and wouldn't need to untar. You don't need to use a git hash at all. If the release is tagged, you can use that in the git-reference commit. E.g. a recent package I made, "ghostwriter", does this. HTH, `~Eric --Sig_/dSYYrUTe64FNQ9iDujVJfT7 Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEoMXjUi7471xkzbfw/XPKxxnTJWYFAlr0TWoACgkQ/XPKxxnT JWZyKA/+N6I2qbZE+AgK3dle6FoG1SVGGwR9H5oCNr93TUHjQiaWcFhuINygcu7w zba/zCey/Kh5Gpiyawa+eFKGuWFn1JX5CTYwa9LFosul9Qcma0IP03EF8+H+RTOD 3D8S4JJ3Hy5ZeQwLpjTUBnu8A1e+4Hmoo0ZsA9ScgYs9LDHln20VMFV8hh/JEgEP GMBZ8norSc/1qyMzmFHqKp5QVKHmFAHioUht7hcDbmh5WnOn7wAhabQEiXqEGv2g bE1H/VkCzw73ynXQ+ya8afG/BKBJ8GF5Ni5qXwiVoQim9QWLjaly0vFB4R3iGNnc 4PIlI0Dsgj/umwKpftOEjRDBos9wQqRiebTCdYZL3dbHw645Jm/a0j4kMDUM7y9s 9u7zMkJLNLpwTFK4le/VrJUidex6IQ+Ssnf4I6Zh6dsEKg8+5NCoxA2MwlLUYI5O KP8pYG/c/d3gSZA9+O86u0f8fszwk4tHMss9ppkpaNDVpudHnQaW9ZsJ8dw4AWDm 3YdlgiF0HfKwC8CnREUonkFn/e1dZP7I2U+AOi1Bo9/EFfME/eDY3Xs2rh3W+n6m iLG/7aQPk6UAl7goqhQzs1e22bWYXBXXTXAEUoCWBmhd+gdJkS15KH4uOzDKGfxP EYh+rWXDLzRX3V7tUtuXr12Bv6mxEKrsx/NcJaXDdOdV90df1qc= =v9/x -----END PGP SIGNATURE----- --Sig_/dSYYrUTe64FNQ9iDujVJfT7--