[alpine-devel] abuildhelper question

Message ID: <20130703142453.GF1550@zen>
Sender timestamp: 1372861493
DKIM signature: missing

When I fetch and verify abuildhelper from inside my current aports tree, it fails
the checksum. Can anyone else reproduce? Sometimes I've had this issue
in the past and the cause turned out to be some local filesystem thing.

The file in question is at
http://git.alpinelinux.org/cgit/nenolod/abuildhelper.git/snapshot/abuildhelper-0.0.1.tar.bz2

The APKBUILD expects md5sum:
md5sums="136616a15c5e63360a3c871d8de773c2  abuildhelper-0.0.1.tar.bz2"

In fact I'm getting:
228f62315ab107b16c974ed9487236e8  abuildhelper-0.0.1.tar.bz2

-- 
Dubiousjim
dubiousjim@gmail.com


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Natanael Copa <ncopa@alpinelinux.org>
Message ID: <20130703195422.6cba9eab@ncopa-laptop.res.nor.wtbts.net>
In-Reply-To: <20130703142453.GF1550@zen>
Sender timestamp: 1372874062
DKIM signature: missing

On Wed, 3 Jul 2013 10:24:53 -0400
Dubiousjim <dubiousjim@gmail.com> wrote:

> When I fetch and verify abuildhelper from inside my current aports tree, it fails
> the checksum. Can anyone else reproduce? Sometimes I've had this issue
> in the past and the cause turned out to be some local filesystem thing.
> 
> The file in question is at
> http://git.alpinelinux.org/cgit/nenolod/abuildhelper.git/snapshot/abuildhelper-0.0.1.tar.bz2
> 
> The APKBUILD expects md5sum:
> md5sums="136616a15c5e63360a3c871d8de773c2  abuildhelper-0.0.1.tar.bz2"
> 
> In fact I'm getting:
> 228f62315ab107b16c974ed9487236e8  abuildhelper-0.0.1.tar.bz2
> 

yes, it is because the tarball is generated on the fly. I upgraded cgit
not too long ago and something has changed in the way the tarball is
generated so the checksum no longer matches.

same thing applies to all packages that have on-the-fly generated
tarballs from git.a.o/cgit (acf-*)

option 1:
we update the checksums on all affected aports (not funny because it
affects all stable apkbuilds). This could be done slowly, when we bump
into the issue.

option 2:
we roll back cgit (and try to backport the sec fixes. This was strongly
not recommended by the cgit maintainer) or try to fix it so it behaves
identically to the previous one.

option 3:
we add a git hook that will generate a tarball and store it
in /archives/$package/ when new tags are found. (we already do this for
apk-tools)


-nc


Message ID: <20130704004215.GI1550@zen>
In-Reply-To: <20130703195422.6cba9eab@ncopa-laptop.res.nor.wtbts.net>
Sender timestamp: 1372898535
DKIM signature: missing

On Wed, Jul 03, 2013 at 07:54:22PM +0200, Natanael Copa wrote:
> yes, it is because the tarball is generated on the fly. I upgraded cgit
> not too long ago and something has changed in the way the tarball is
> generated so the checksum no longer matches.
> 
> same thing applies to all packages that have on-the-fly generated
> tarballs from git.a.o/cgit (acf-*)
> 
> option 1:
> we update the checksums on all affected aports (not funny because it
> affects all stable apkbuilds). This could be done slowly, when we bump
> into the issue.
> 
> option 2:
> we roll back cgit (and try to backport the sec fixes. This was strongly
> not recommended by the cgit maintainer) or try to fix it so it behaves
> identically to the previous one.
> 
> option 3:
> we add a git hook that will generate a tarball and store it
> in /archives/$package/ when new tags are found. (we already do this for
> apk-tools)

Good to know about this. Perhaps you announced it before, but I hadn't
noticed it until now. Yeah, that's messy. A quick scan looks like 49
acf-* packages and 22 others are subject to this.

-- 
Dubiousjim
dubiousjim@gmail.com


Natanael Copa <ncopa@alpinelinux.org>
Message ID: <20130704114818.302a8b8f@ncopa-desktop.alpinelinux.org>
In-Reply-To: <20130704004215.GI1550@zen>
Sender timestamp: 1372931298
DKIM signature: missing

On Wed, 3 Jul 2013 20:42:15 -0400
Dubiousjim <dubiousjim@gmail.com> wrote:

> On Wed, Jul 03, 2013 at 07:54:22PM +0200, Natanael Copa wrote:
> > yes, it is because the tarball is generated on the fly. I upgraded cgit
> > not too long ago and something has changed in the way the tarball is
> > generated so the checksum no longer matches.
> > 
> > same thing applies to all packages that have on-the-fly generated
> > tarballs from git.a.o/cgit (acf-*)
> > 
> > option 1:
> > we update the checksums on all affected aports (not funny because it
> > affects all stable apkbuilds). This could be done slowly, when we bump
> > into the issue.
> > 
> > option 2:
> > we roll back cgit (and try to backport the sec fixes. This was strongly
> > not recommended by the cgit maintainer) or try to fix it so it behaves
> > identically to the previous one.
> > 
> > option 3:
> > we add a git hook that will generate a tarball and store it
> > in /archives/$package/ when new tags are found. (we already do this for
> > apk-tools)
> 
> Good to know about this. Perhaps you announced it before, but I hadn't
> noticed it until now. Yeah, that's messy. A quick scan looks like 49
> acf-* packages and 22 others are subject to this.
> 

it doesn't make it easier that the build servers have the archives
cached... oh wait

maybe we should copy the archives in cache to /archive. then the source
url can be changed without the checksum changing. that would be acceptable
for stable branches too.

-nc
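
Added example, not part of the thread or of Alpine's tooling: before a checksum is updated for a regenerated snapshot (option 1 above), a cached copy of the old tarball can be compared with the fresh fetch to see whether both unpack to the same tree. All function names, the sample file name and its contents are constructed for illustration; the differing mtime only stands in for whatever changed in cgit's output, which the thread does not specify.

```python
import bz2, hashlib, io, tarfile

def content_digest(archive: bytes) -> str:
    """Digest of what the archive unpacks to, ignoring how it was packed
    (compression settings, mtimes, owner fields, member order)."""
    h = hashlib.sha256()
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        for m in sorted(tar.getmembers(), key=lambda m: m.name):
            data = tar.extractfile(m).read() if m.isfile() else b""
            record = (m.name, m.type, m.mode & 0o7777, m.linkname,
                      hashlib.sha256(data).hexdigest())
            h.update(repr(record).encode())
    return h.hexdigest()

def classify(cached: bytes, fetched: bytes) -> str:
    """Compare the tarball the checksum was recorded for with a fresh fetch."""
    if cached == fetched:
        return "identical"          # recorded checksum still verifies
    if content_digest(cached) == content_digest(fetched):
        return "repacked"           # same tree, only the packaging differs
    return "content-changed"        # review the source before trusting it

def make_snapshot(files: dict, mtime: int) -> bytes:
    """Constructed stand-in for a server-generated .tar.bz2 snapshot."""
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name, data in sorted(files.items()):
            info = tarfile.TarInfo(name)
            info.size, info.mtime, info.mode = len(data), mtime, 0o644
            tar.addfile(info, io.BytesIO(data))
    return bz2.compress(raw.getvalue())

# Constructed sample trees; the file name and contents are made up.
TREE = {"abuildhelper-0.0.1/Makefile": b"all:\n\ttrue\n"}
OLD = make_snapshot(TREE, mtime=1370000000)   # what the checksum was taken from
NEW = make_snapshot(TREE, mtime=1372800000)   # same tree, regenerated later
CHANGED = make_snapshot({"abuildhelper-0.0.1/Makefile": b"all:\n\tfalse\n"},
                        mtime=1372800000)

if __name__ == "__main__":
    for label, blob in (("old", OLD), ("new", NEW), ("changed", CHANGED)):
        print(label, hashlib.sha256(blob).hexdigest()[:16], classify(OLD, blob))
```

A "repacked" result means the archive bytes (and so any md5sum over them) differ while the unpacked files do not; "content-changed" means the new checksum would cover different source.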

