X-Original-To: alpine-devel@lists.alpinelinux.org
Delivered-To: alpine-devel@mail.alpinelinux.org
Received: from dal-a2.localdomain (unknown [74.117.189.115])
	by mail.alpinelinux.org (Postfix) with ESMTP id A54EEDC009B
	for <alpine-devel@lists.alpinelinux.org>; Thu,  4 Jul 2013 09:48:24 +0000 (UTC)
Received: from ncopa-desktop.alpinelinux.org (3.203.202.84.customer.cdi.no [84.202.203.3])
	(using SSLv3 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: ncopa@tanael.org)
	by dal-a2.localdomain (Postfix) with ESMTPSA id ADCB3BC28A7;
	Thu,  4 Jul 2013 09:48:23 +0000 (UTC)
Date: Thu, 4 Jul 2013 11:48:18 +0200
From: Natanael Copa <ncopa@alpinelinux.org>
To: Dubiousjim <dubiousjim@gmail.com>
Cc: alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] abuildhelper question
Message-ID: <20130704114818.302a8b8f@ncopa-desktop.alpinelinux.org>
In-Reply-To: <20130704004215.GI1550@zen>
References: <20130703142453.GF1550@zen>
	<20130703195422.6cba9eab@ncopa-laptop.res.nor.wtbts.net>
	<20130704004215.GI1550@zen>
X-Mailer: Claws Mail 3.9.2 (GTK+ 2.24.17; x86_64-unknown-linux-gnu)
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Wed, 3 Jul 2013 20:42:15 -0400
Dubiousjim <dubiousjim@gmail.com> wrote:

> On Wed, Jul 03, 2013 at 07:54:22PM +0200, Natanael Copa wrote:
> > yes, it is because the tarball is generated on the fly. I upgraded cgit
> > not too long ago and something has changed in the way the tarball is
> > generated so the checksum no longer match.
> > 
> > same thing applies to all packages that has on-the-fly generated
> > tarballs from git.a.o/cgit (acf-*)
> > 
> > option 1:
> > we update the checksums on all affected aports (not funny because it
> > affects all stable apkbuilds). This could be done slowly, when we bump
> > into issue.
> > 
> > option 2:
> > we roll back cgit (and try backport the sec fixes. This was strongly
> > not recommended by cgit maintainer) or try fix it so it behaves
> > identical as previous.
> > 
> > option 3:
> > we add a git hook that will generate a tarball and store it
> > in /archives/$package/ when new tags are found. (we already do this for
> > apk-tools)
> 
> Good to know about this. Perhaps you announced it before, but I hadn't
> noticed it until now. Yeah, that's messy. A quick scan looks like 49
> acf-* packages and 22 others are subject to this.
> 

it doesnt make it easier that the build servers has the archives
cached... oh wait

maybe we should copy the archives in cache to /archive. then can source
url be changed without checksum changing. that woudl be acceptable for
stable branches too.

-nc


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---