From: Eli Schwartz <eschwartz93@gmail.com>
To: gentoo-dev@lists.gentoo.org, "Arsen Arsenović" <arsen@gentoo.org>,
"Daniel Eklöf" <daniel@ekloef.se>
Subject: Re: [gentoo-dev] heads up: codeberg changed gzip impls (?) for ${REPO}/archive/${TAG}.tar.gz files
Date: Mon, 11 Dec 2023 08:43:35 -0500 [thread overview]
Message-ID: <9c150c49-74e0-42c5-8120-2eebe782833a@gmail.com> (raw)
In-Reply-To: <86h6kpaty4.fsf@gentoo.org>
On 12/11/23 5:47 AM, Arsen Arsenović wrote:
> hi,
>
> it seems that codeberg has changed how they produce their archives on
> URLs like <https://codeberg.org/dnkl/foot/archive/${tag}.tar.gz> leading
> to digest failures like <https://bugs.gentoo.org/919135>, as implied by
> the following checks:
>
> ~$ diff <(<dls/foot-1.16.2.tar.gz gzip -d) <(</var/cache/distfiles/foot-1.16.2.tar.gz gzip -d)
> ~$ diff <(<dls/foot-1.16.2.tar.gz cat) <(</var/cache/distfiles/foot-1.16.2.tar.gz cat)
> Binary files /dev/fd/63 and /dev/fd/62 differ
>
> the above shows that compressed content differs while decompressed
> content remains identical.
>
> (dls/foot-1.16.2.tar.gz is downloaded from the master distfiles mirror,
> /var/cache/distfiles/foot-1.16.2.tar.gz is fetched from codeberg at
> around two in the morning last night)
>
> you might want to regenerate manifests for projects fetching from
> /archive/ urls on codeberg.
>
> Daniel, thank you for working on foot. may I ask that you attach 'meson
> dist'-generated files to releases? you could also use that opportunity
> to hash or sign them, if you so desire.
>
> in either case, thank you again.
>
> have a lovely day, all!
It sounds like they completely failed to get the memo about:
https://github.com/orgs/community/discussions/46034
However, I really do wish tremendously that they *would* change all
tarball checksums... for a good reason!
Namely, they need to fix https://github.com/go-gitea/gitea/issues/18078
because currently gitea-based software forges kind of suck and I'd
rather no one used them for anything, lol.
It does appear that since last year when they fixed an unrelated issue,
closed *this* issue as "not fixed but sometime in the future we'll fix
it, we pinky promise"...
... that they've fixed the issue for manually uploaded release assets
where the download url was based on an unpredictable uuid.
So that's sort of kind of a little bit good at least.
--
Eli Schwartz
prev parent reply other threads:[~2023-12-11 13:43 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-11 10:47 [gentoo-dev] heads up: codeberg changed gzip impls (?) for ${REPO}/archive/${TAG}.tar.gz files Arsen Arsenović
2023-12-11 12:47 ` Arsen Arsenović
2023-12-11 13:43 ` Eli Schwartz [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9c150c49-74e0-42c5-8120-2eebe782833a@gmail.com \
--to=eschwartz93@gmail.com \
--cc=arsen@gentoo.org \
--cc=daniel@ekloef.se \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox