From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Subject: bug#28745: [PATCH] tarballs generated on github are generated on demand (leading to different hash sums) Date: Fri, 20 Oct 2017 23:04:43 +0200 Message-ID: <871slxcyz8.fsf@gnu.org> References: <20171008114009.3tyhcuioaau6tlya@abyayala> <87k1zv7pos.fsf@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:54812) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e5eTa-0007Ho-Bo for bug-guix@gnu.org; Fri, 20 Oct 2017 17:05:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e5eTW-0001o1-94 for bug-guix@gnu.org; Fri, 20 Oct 2017 17:05:06 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:44152) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1e5eTW-0001nr-6B for bug-guix@gnu.org; Fri, 20 Oct 2017 17:05:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1e5eTV-0006VM-To for bug-guix@gnu.org; Fri, 20 Oct 2017 17:05:01 -0400 Sender: "Debbugs-submit" Resent-To: bug-guix@gnu.org Resent-Message-ID: In-Reply-To: <87k1zv7pos.fsf@gmail.com> (Maxim Cournoyer's message of "Sun, 15 Oct 2017 23:10:43 -0400") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Maxim Cournoyer Cc: bug#28745 <28745-done@debbugs.gnu.org> Hi, Maxim Cournoyer skribis: > I could finish a script that helped me finding all of our affected > packages, verify that only the hash but not the content of the archives > had changed, as well as automate the hash update for those safe to > update. Great job! > Attached is the patch and the scripts I used. I think we might > want to reuse some of it to extend guix lint to warn packagers that > archives coming from .*github.*archives URL are not guaranteed to be > stable and that it would be better, if available, to use manually > uploaded releases archives. Unfortunately, it=E2=80=99s become commonplace to publish nothing else than= a Git tag. Now, in those cases, we could also use =E2=80=98git-fetch=E2=80= =99, which wouldn=E2=80=99t be affected by problems with generated tarballs. Thoughts? > PS: I've also uploaded the scripts here: > https://notabug.org/apteryx/fiasco for ease of cloning. Any comments > about my nascent (ab)use of Scheme are welcome! The code looks nice! > From 774a764149ecb0e234ae09c9a0a273af671c3c86 Mon Sep 17 00:00:00 2001 > From: Maxim Cournoyer > Date: Sun, 15 Oct 2017 22:17:12 -0400 > Subject: [PATCH] gnu: packages: Fix the hashes of mutated GitHub archives. > > Fixes bug https://bugs.gnu.org/28745. > > * gnu/packages/audio.scm (csound): Fix hash. > * gnu/packages/engineering.scm (fritzing): Likewise. > * gnu/packages/erlang.scm (erlang): Likewise. > * gnu/packages/fonts.scm (font-google-material-design-icons): Likewise. > * gnu/packages/graphics.scm (ogre): Likewise. > * gnu/packages/java.scm (java-plexus-interpolation, antlr3): Likewise. > * gnu/packages/serialization.scm (yaml-cpp): Likewise. > * gnu/packages/version-control.scm (libgit2): Likewise. I=E2=80=99ve checked the hashes by running: ./pre-inst-env guix build -S --no-substitutes csound fritzing erlang \ font-google-material-design-icons ogre java-plexus-interpolation \ antlr3 yaml-cpp libgit2 --max-jobs=3D2 and everything went well. Pushed as fd75eb6cd4e5c689f9e6ce7dd8d87f423778d308, thanks! Ludo=E2=80=99.