Re: rpmlint file-size-mismatch and github source URLs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On Wed, 24 Aug 2011 07:23:30 -0700
Toshio Kuratomi <a.badger@xxxxxxxxx> wrote:
> On Wed, Aug 24, 2011 at 08:45:20AM -0400, James Laska wrote:
> > > < Location:
> > >
> Side comment to your main issue: How is this tarball being
> generated?  I see in the review request that the md5sum of the file
> at that URL has changed over time.  If it's just the upstream not
> officially releasing this tarball until the Fedora RPM is out and
> therefore making changes to the tarball to address review criteria
> it's not standard practice but okay.  If the tarball is going to
> continue to evolve with this same name after the Fedora RPM is
> reviewed, then it's probably better to generate a git snapshot.
> The aim is to make things reproducible.  If we can't count on getting
> the same tarball once the rpm is built, we'd rather have instructions
> on making a snapshot that has a revision id that we can count on
> pulling to get the same set of files at a later date.

I've done a few reviews on github packages. Even if you download a
stable tag tarball from the project in github (which in theory should
be equivalent to using a stable release tarball), it turns out that the
checksums might not match a few days after.

I think github caches the tarballs it generates for a few days, so if
you grab the same tarball repeatedly, you'll get the same md5sum. If
you wait a longer time, you will get a different result. But even
though the md5sums won't match, the contents will still be the same.
Jussi Lehtola
Fedora Project Contributor
packaging mailing list

[Home]     [Fedora Legacy]     [Fedora Desktop]     [Red Hat 9 Bible]     [Fedora Bible]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]

Powered by Linux