Re: [alpine-devel] abuildhelper question
On Wed, 3 Jul 2013 20:42:15 -0400
Dubiousjim <dubiousjim_at_gmail.com> wrote:
> On Wed, Jul 03, 2013 at 07:54:22PM +0200, Natanael Copa wrote:
> > yes, it is because the tarball is generated on the fly. I upgraded cgit
> > not too long ago and something has changed in the way the tarball is
> > generated so the checksum no longer match.
> > same thing applies to all packages that has on-the-fly generated
> > tarballs from git.a.o/cgit (acf-*)
> > option 1:
> > we update the checksums on all affected aports (not funny because it
> > affects all stable apkbuilds). This could be done slowly, when we bump
> > into issue.
> > option 2:
> > we roll back cgit (and try backport the sec fixes. This was strongly
> > not recommended by cgit maintainer) or try fix it so it behaves
> > identical as previous.
> > option 3:
> > we add a git hook that will generate a tarball and store it
> > in /archives/$package/ when new tags are found. (we already do this for
> > apk-tools)
> Good to know about this. Perhaps you announced it before, but I hadn't
> noticed it until now. Yeah, that's messy. A quick scan looks like 49
> acf-* packages and 22 others are subject to this.
it doesnt make it easier that the build servers has the archives
cached... oh wait
maybe we should copy the archives in cache to /archive. then can source
url be changed without checksum changing. that woudl be acceptable for
stable branches too.
Received on Thu Jul 04 2013 - 11:48:18 UTC