You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm using opam lock on a .opam file that includes some pin-depends that point to git repositories.
Currently, the generated lockfile will simply use the same pin depends pointing to the main branch of the git repo (whose contents may change in the future).
Instead, I would like the lockfile to record the hash of the git commit at the time of locking and record it in its pin-depends.
To be extra robust I'm also wondering if the lockfile should craft a version number for the pinned package that contains the hash (so we'd have a pin-depends of the form: [ "foo.git-xxxxxx" "git+https://foo/foo.git#xxxxx" ] in the lockfile). Otherwise, with just a pin to a foo.git version, I've observed scenarios where, when upgrading to a newer lockfile, if I cancel the rebuild of foo with ^C then opam will think that the installation is in a good state because it is unable to tell that the currently installed foo.git is from an outdated pin...
The text was updated successfully, but these errors were encountered:
I'm using
opam lock
on a.opam
file that includes some pin-depends that point to git repositories.Currently, the generated lockfile will simply use the same pin depends pointing to the main branch of the git repo (whose contents may change in the future).
Instead, I would like the lockfile to record the hash of the git commit at the time of locking and record it in its pin-depends.
To be extra robust I'm also wondering if the lockfile should craft a version number for the pinned package that contains the hash (so we'd have a pin-depends of the form:
[ "foo.git-xxxxxx" "git+https://foo/foo.git#xxxxx" ]
in the lockfile). Otherwise, with just a pin to afoo.git
version, I've observed scenarios where, when upgrading to a newer lockfile, if I cancel the rebuild offoo
with ^C then opam will think that the installation is in a good state because it is unable to tell that the currently installedfoo.git
is from an outdated pin...The text was updated successfully, but these errors were encountered: