[Buildroot] [PATCH] package/dvb-apps: add hash file
Yann E. MORIN
yann.morin.1998 at free.fr
Sun Jul 5 17:37:02 UTC 2020
Thomas, Sergio, All,
On 2020-07-05 14:54 +0200, Thomas Petazzoni spake thusly:
> On Fri, 3 Jul 2020 22:05:33 -0300
> Sergio Prado <sergio.prado at e-labworks.com> wrote:
> > Signed-off-by: Sergio Prado <sergio.prado at e-labworks.com>
> > +# Locally computed:
> > +sha256 099ccbad8dc7263cbeae4c8439f181fb0c031624d8afb40d00bb7462aa1ea645 dvb-apps-3d43b280298c39a67d1d889e01e173f52c12da35.tar.gz
>
> Unfortunately, this doesn't work: it seems like our hashes for
> Mercurial fetched packages are not reproducible:
They should be. It was my experience that hg does produce reproducible
archives, even without a complexe dance like we do with the git backend.
See commit 76b51f90c0e which purportedly made them reproducible.
> ERROR: dvb-apps-3d43b280298c39a67d1d889e01e173f52c12da35.tar.gz has wrong sha256 hash:
> ERROR: expected: 099ccbad8dc7263cbeae4c8439f181fb0c031624d8afb40d00bb7462aa1ea645
> ERROR: got : 926208b7e711b4bab1a909ff9bf4e6ae54acdd30a46f5d5bd700ecb088fe1f57
I too got that 926208 sha256 here, with two different hg versions: 3.7.3
and 4.8.2.
> --2020-07-05 14:51:38-- http://sources.buildroot.net/dvb-apps/dvb-apps-3d43b280298c39a67d1d889e01e173f52c12da35.tar.gz
dvb-apps-3d43b280298c39a67d1d889e01e173f52c12da35.tar.gz 2014-Sep-01 16:03:23 442.7K application/x-gtar-compressed
So, this file was created before the commit that made the archives
reproducible. So, no surprise that the sha256 does not match the
locally-created archive but that from s.b.o.
> Interestingly, python-pygame is also fetched from Mercurial, also has a
> hash file, and it is also wrong:
>
> >>> python-pygame d61ea8eabd56 Downloading
A full sha1 should be used, rather than a shortened one.
The python-pygame archive was however created after commit 76b51f90c0e...
> requesting all changes
> adding changesets
> adding manifests
> adding file changes
> added 3652 changesets with 15404 changes to 1890 files (+17 heads)
> new changesets 4609a0076cda:48e19c7b9ee9
> ERROR: pygame-d61ea8eabd56.tar.gz has wrong sha256 hash:
> ERROR: expected: f95a7dd68ea294d415e36e068d2f533c5a01c67773452d14a535c5c7455681fe
> ERROR: got : d5e0a43a4e338de4cb282af0ddd6e671055d6b9290030c27cfac41b1f7801232
I too git d5e0a43a4e33.
What machine is pushing the archives to s.b.o. ?
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
More information about the buildroot
mailing list