Mike Auty posted on Sun, 11 Mar 2018 19:19:00 +0000 as excerpted: > tldr; Github will tarball up specific commits (or master) for you to add > to SRC_URI. > > I ended up using the github API to pull down a tarball of the git repo, > rather than using git to pull it down. I suppose that offers the > ability to Manifest it and check for changes, but I now have to encode > the fixed commit into every version of the ebuild because the only > location it's recorded is in the submodule commit hash of the package's > repo.
Please check... If I'm recalling correctly a warning posted on this list, repeated calls to the github tarballing API for the same commit will result in delivery of tarballs with differing checksums. How/why wasn't explained as I recall, possibly part of the reason I'm not sure I'm recalling things correctly as that would have internally flagged it as unreliable/needing- verification, but that was the warning as I remember it. If it's correct, you can pull the tarball from github to store on devspace and link it as the checksummed tarball, as that's static and won't change, but you can't link the github tarballing API directly, as that /will/ change and thus will fail sources checksum verification at least some of the time. But (assuming avoiding linking devspace is worth the trouble in the first place if possible) either verify it yourself or wait for verification/ negation from others, as I'm not entirely sure I'm recalling that warning post correctly. It might have been for other than github, or I might have misunderstood, or maybe they've fixed that problem by now, or... -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman
