From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: =?utf-8?B?4oCYZ3VpeCBsaW504oCZ?= URL checks
Date: Sun, 28 Aug 2016 01:12:09 +0200
Message-ID: <8737lp6c3a.fsf_-_@gnu.org>
References: <CAL1_imka2q29dUiXx_A=XjKYwfP1FvRjpa=xqhToUJNjcQatCQ@mail.gmail.com>
	<87h9ajqkw1.fsf@gmail.com>
	<CAL1_immViabBTrr=e2DCYJQq+iV28mbVbdT5J5JHhEP+6u9M1A@mail.gmail.com>
	<20160818012541.GA31426@jasmine>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57189)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1bdmlw-0007mM-1y
	for guix-devel@gnu.org; Sat, 27 Aug 2016 19:12:20 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1bdmlu-000895-3M
	for guix-devel@gnu.org; Sat, 27 Aug 2016 19:12:19 -0400
In-Reply-To: <20160818012541.GA31426@jasmine> (Leo Famulari's message of "Wed,
	17 Aug 2016 21:25:41 -0400")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Leo Famulari <leo@famulari.name>
Cc: guix-devel <guix-devel@gnu.org>, Alex Kost <alezost@gmail.com>

Leo Famulari <leo@famulari.name> skribis:

> On Wed, Aug 17, 2016 at 09:20:42PM +0200, David Craven wrote:
>> Oh, that's embarrassing. I must have forgotten to change the hash and
>> guix cached the tarball. Is that possible?
>
> If the hash is matched in the store, the URL is not used, so you won't
> see an incorrect URL fail to match the hash.
>
> This is a common cause of buggy patches.
>
> I wonder, are there any drawbacks of making the linter check that the
> URL provides the data named by the hash?

The rationale so far was that =E2=80=98guix lint foo=E2=80=99 should be fas=
t (a couple
of seconds at most), and =E2=80=98guix lint=E2=80=99 (all packages) should =
complete in
less than a day.  ;-)

Thus, the =E2=80=98source=E2=80=99 and =E2=80=98home-page=E2=80=99 checks s=
imply ensure that the URI
points to something accessible instead of actually downloading the
thing.  This is fast and catches the most obvious errors, but has the
drawback of not catching the right-URL-wrong-hash kind of errors.

Ludo=E2=80=99.