X-Original-To: alpine-devel@lists.alpinelinux.org
Delivered-To: alpine-devel@mail.alpinelinux.org
Received: from ncopa-laptop.res.nor.wtbts.net (3.203.202.84.customer.cdi.no [84.202.203.3])
	(using SSLv3 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: nc@alpinelinux.org)
	by mail.alpinelinux.org (Postfix) with ESMTPSA id 30C69DC0096;
	Wed,  3 Jul 2013 17:54:26 +0000 (UTC)
Date: Wed, 3 Jul 2013 19:54:22 +0200
From: Natanael Copa <ncopa@alpinelinux.org>
To: Dubiousjim <dubiousjim@gmail.com>
Cc: alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] abuildhelper question
Message-ID: <20130703195422.6cba9eab@ncopa-laptop.res.nor.wtbts.net>
In-Reply-To: <20130703142453.GF1550@zen>
References: <20130703142453.GF1550@zen>
X-Mailer: Claws Mail 3.9.2 (GTK+ 2.24.17; i686-pc-linux-gnu)
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Wed, 3 Jul 2013 10:24:53 -0400
Dubiousjim <dubiousjim@gmail.com> wrote:

> When I fetch and verify abuildhelper from inside my current aports tree, it fails
> the checksum. Can anyone else reproduce? Sometimes I've had this issue
> in the past and the cause turned out to be some local filesystem thing.
> 
> The file in question is at
> http://git.alpinelinux.org/cgit/nenolod/abuildhelper.git/snapshot/abuildhelper-0.0.1.tar.bz2
> 
> The APKBUILD expects md5sum:
> md5sums="136616a15c5e63360a3c871d8de773c2  abuildhelper-0.0.1.tar.bz2"
> 
> In fact I'm getting:
> 228f62315ab107b16c974ed9487236e8  abuildhelper-0.0.1.tar.bz2
> 

yes, it is because the tarball is generated on the fly. I upgraded cgit
not too long ago and something has changed in the way the tarball is
generated so the checksum no longer match.

same thing applies to all packages that has on-the-fly generated
tarballs from git.a.o/cgit (acf-*)

option 1:
we update the checksums on all affected aports (not funny because it
affects all stable apkbuilds). This could be done slowly, when we bump
into issue.

option 2:
we roll back cgit (and try backport the sec fixes. This was strongly
not recommended by cgit maintainer) or try fix it so it behaves
identical as previous.

option 3:
we add a git hook that will generate a tarball and store it
in /archives/$package/ when new tags are found. (we already do this for
apk-tools)


-nc


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---