Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SourceForge redirecting to latest file unexpectedly #3565

Closed
fgaz opened this issue Dec 8, 2023 · 3 comments
Closed

SourceForge redirecting to latest file unexpectedly #3565

fgaz opened this issue Dec 8, 2023 · 3 comments

Comments

@fgaz
Copy link

fgaz commented Dec 8, 2023
edited
Loading

Hi, I'm the packager of warzone2100 for NixOS, and I just noticed the hash of the 4.4.1 source tarball recently changed.

Usually this is just because of a force push or similar, but it could also be a security issue.

Could you please check if this is expected?

Here is a diff of the contents of the two tarball versions, extracted from our cache: 4.4.1.diff.txt
@fgaz fgaz mentioned this issue Dec 8, 2023
Merged
1 task
@fgaz
Copy link
Author

fgaz commented Dec 8, 2023

Upon further inspection it appears the 4.4.1 tarball is now identical to the 4.4.2 one. Maybe it was accidentally copied over 4.4.1?

Could you please reupload the correct one? Preferably the exact same as before, so hashes aren't broken.

@past-due
Copy link
Member

past-due commented Dec 8, 2023

4.4.1/warzone2100_src.tar.xz should have the following hashes:

"sha256": "f2f6f03b83d710ec99a86892cf5caa85ef237dee04e22bfdd3c99cfbcc6e1fc2",
"sha512": "74c5304f945914024de4d3168f926d7851a81ad32625b0714cb6338d93bb9e0aca49e20e38bf9c35ac3a1c7edd96d2c83c695c5376a11fc4a8c21309716ca5ee",
"blake2b": "0993f554fe60c04cc5e3cc3698854e322e43b84b7bff642e9dc3d49f6cbd46ffed0f655e8882657349bf8a4ea5eb6a230a04930d1af1eff00d5da368cb2c35fc"

I have verified that both SourceForge and GitHub have the expected hash.

However, I notice that when following the link you provided, SourceForge seems to be redirecting to the 4.4.2 file.

GET https://downloads.sourceforge.net/warzone2100/releases/4.4.1/warzone2100_src.tar.xz
HTTP RESPONSE: 301 Moved Permanently
Location: https://sourceforge.net/projects/warzone2100/files/releases/4.4.2/warzone2100_src.tar.xz/download?use_mirror=cfhcable

So this looks like a possible SourceForge configuration issue?

You might want to try the GitHub Releases url instead. And, of course, we'd recommend the latest which is currently 4.4.2: https://github.com/Warzone2100/warzone2100/releases/download/4.4.2/warzone2100_src.tar.xz

@past-due past-due changed the title Hash of 4.4.1 source changed SourceForge redirecting to latest file Dec 8, 2023
@past-due past-due changed the title SourceForge redirecting to latest file SourceForge redirecting to latest file unexpectedly Dec 8, 2023
@fgaz
Copy link
Author

fgaz commented Dec 8, 2023

Thanks, I didn't notice the redirect! Using the URL you posted (which is the same as the one on the warzone website) works fine. I don't know why we even used the variant in the first place. I consider this closed on my end, thanks again for the help.

And, of course, we'd recommend the latest which is currently 4.4.2: https://github.com/Warzone2100/warzone2100/releases/download/4.4.2/warzone2100_src.tar.xz

Yes of course, updating is next on my to do list.

@fgaz fgaz closed this as completed Dec 8, 2023
fgaz added a commit to fgaz/nixpkgs that referenced this issue Dec 11, 2023
@fgaz
warzone2100: fix fetch url
c0cdf6c 
The previous url always redirects to the latest version.
See NixOS#272701 and Warzone2100/warzone2100#3565.
@fgaz fgaz mentioned this issue Dec 11, 2023
Merged
13 tasks
fgaz added a commit to NixOS/nixpkgs that referenced this issue Dec 12, 2023
@fgaz
warzone2100: fix fetch url
a59c736 
The previous url always redirects to the latest version.
See #272701 and Warzone2100/warzone2100#3565.
github-actions bot pushed a commit to NixOS/nixpkgs that referenced this issue Dec 12, 2023
@fgaz @github-actions
warzone2100: fix fetch url
c51eb80 
The previous url always redirects to the latest version.
See #272701 and Warzone2100/warzone2100#3565.

(cherry picked from commit c0cdf6c)
github-actions bot pushed a commit to Mic92/nixpkgs that referenced this issue Dec 17, 2023
@fgaz @Mic92
warzone2100: fix fetch url
e7bf13e 
The previous url always redirects to the latest version.
See NixOS#272701 and Warzone2100/warzone2100#3565.
dansbandit pushed a commit to dansbandit/nixpkgs that referenced this issue Dec 27, 2023
@fgaz @dansbandit
warzone2100: fix fetch url
fdcc473 
The previous url always redirects to the latest version.
See NixOS#272701 and Warzone2100/warzone2100#3565.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fgaz @past-due