Mail archive
alpine-devel

Re: [alpine-devel] abuildhelper question

From: Natanael Copa <ncopa_at_alpinelinux.org>
Date: Thu, 4 Jul 2013 11:48:18 +0200

On Wed, 3 Jul 2013 20:42:15 -0400
Dubiousjim <dubiousjim_at_gmail.com> wrote:

> On Wed, Jul 03, 2013 at 07:54:22PM +0200, Natanael Copa wrote:
> > yes, it is because the tarball is generated on the fly. I upgraded cgit
> > not too long ago and something has changed in the way the tarball is
> > generated so the checksum no longer match.
> >
> > same thing applies to all packages that has on-the-fly generated
> > tarballs from git.a.o/cgit (acf-*)
> >
> > option 1:
> > we update the checksums on all affected aports (not funny because it
> > affects all stable apkbuilds). This could be done slowly, when we bump
> > into issue.
> >
> > option 2:
> > we roll back cgit (and try backport the sec fixes. This was strongly
> > not recommended by cgit maintainer) or try fix it so it behaves
> > identical as previous.
> >
> > option 3:
> > we add a git hook that will generate a tarball and store it
> > in /archives/$package/ when new tags are found. (we already do this for
> > apk-tools)
>
> Good to know about this. Perhaps you announced it before, but I hadn't
> noticed it until now. Yeah, that's messy. A quick scan looks like 49
> acf-* packages and 22 others are subject to this.
>

it doesnt make it easier that the build servers has the archives
cached... oh wait

maybe we should copy the archives in cache to /archive. then can source
url be changed without checksum changing. that woudl be acceptable for
stable branches too.

-nc


---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Thu Jul 04 2013 - 11:48:18 UTC