> On Oct 5, 2016, at 4:52 PM, Khem Raj <raj.k...@gmail.com> wrote:
>> On Oct 5, 2016, at 4:45 PM, Randy Mortensen <ran...@stratagemsystems.com> 
>> wrote:
>>> On Oct 5, 2016, at 5:04 PM, Darcy Watkins <dwatk...@sierrawireless.com> 
>>> wrote:
>>> 
>>> From what I gleaned from recent discussions of fetcher errors, this is 
>>> somehow connected with rollout of Python related security fixes to various 
>>> Linux distributions and/or some ...-native recipes.
>>> 
>>> It was a bunch of tar balls that are named as mercurial hashes from within 
>>> iced tea rather than the yocto fetch. I worked around it by grabbing the 
>>> tarballs from a different checkout since I didn't have time to dig into it.
>>> 
>>> It affected a fresh checkout I was building from scratch.
>>> 
>> Thanks for the response. This also happened to me when trying to build from 
>> scratch.
>> For my clarification, did you already have the tar balls downloaded or were 
>> you able to download them from a previous (icedtea) commit somehow?

I had the tar balls in a different build that I had around for some time.  The 
reason I never cached these ones in a shared location on our server was I felt 
that tar balls with small hashes as filenames was too prone to collisions, 
especially without a package name as a prefix.  I don't know if that is a 
convention of iced tea, or how the fetcher handles mercurial.

> Can you check if the tarballs have been rebuilt upstream ? if so we should 
> try to find out what changed.
> It could also be an oversight that a recipe update forgot or updated the 
> checksums wrongly. but we should try to root cause it

I agree here.  We should root cause it.

---

Regards,

Darcy

Darcy Watkins
Staff Engineer, Firmware
Sierra Wireless
http://sierrawireless.com
[M4]

-- 
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Reply via email to