Hi, Maxim Cournoyer <maxim.courno...@gmail.com> skribis:
> I could finish a script that helped me finding all of our affected > packages, verify that only the hash but not the content of the archives > had changed, as well as automate the hash update for those safe to > update. Great job! > Attached is the patch and the scripts I used. I think we might > want to reuse some of it to extend guix lint to warn packagers that > archives coming from .*github.*archives URL are not guaranteed to be > stable and that it would be better, if available, to use manually > uploaded releases archives. Unfortunately, it’s become commonplace to publish nothing else than a Git tag. Now, in those cases, we could also use ‘git-fetch’, which wouldn’t be affected by problems with generated tarballs. Thoughts? > PS: I've also uploaded the scripts here: > https://notabug.org/apteryx/fiasco for ease of cloning. Any comments > about my nascent (ab)use of Scheme are welcome! The code looks nice! > From 774a764149ecb0e234ae09c9a0a273af671c3c86 Mon Sep 17 00:00:00 2001 > From: Maxim Cournoyer <maxim.courno...@gmail.com> > Date: Sun, 15 Oct 2017 22:17:12 -0400 > Subject: [PATCH] gnu: packages: Fix the hashes of mutated GitHub archives. > > Fixes bug https://bugs.gnu.org/28745. > > * gnu/packages/audio.scm (csound): Fix hash. > * gnu/packages/engineering.scm (fritzing): Likewise. > * gnu/packages/erlang.scm (erlang): Likewise. > * gnu/packages/fonts.scm (font-google-material-design-icons): Likewise. > * gnu/packages/graphics.scm (ogre): Likewise. > * gnu/packages/java.scm (java-plexus-interpolation, antlr3): Likewise. > * gnu/packages/serialization.scm (yaml-cpp): Likewise. > * gnu/packages/version-control.scm (libgit2): Likewise. I’ve checked the hashes by running: ./pre-inst-env guix build -S --no-substitutes csound fritzing erlang \ font-google-material-design-icons ogre java-plexus-interpolation \ antlr3 yaml-cpp libgit2 --max-jobs=2 and everything went well. Pushed as fd75eb6cd4e5c689f9e6ce7dd8d87f423778d308, thanks! Ludo’.
