Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Github tarball checksums changed #7565

Open
TheChymera opened this issue Feb 21, 2024 · 2 comments
Open

Github tarball checksums changed #7565

TheChymera opened this issue Feb 21, 2024 · 2 comments

Comments

@TheChymera
Copy link
Contributor

TheChymera commented Feb 21, 2024
edited

Recently the checksums of the github release tarballs (0.18.0 and 0.19.6) changed. No idea why, and probably I'll just switch to distributing from PyPI and forget about this if it happens again, but I thought you should know:

diff --git a/dev-vcs/datalad/Manifest b/dev-vcs/datalad/Manifest
index 2cbe5a4db..942564afe 100644
--- a/dev-vcs/datalad/Manifest
+++ b/dev-vcs/datalad/Manifest
@@ -1,4 +1,4 @@
-DIST datalad-0.18.0.tar.gz 1425155 BLAKE2B 8d7cbf7f56b1de82c74fa823b2d4512112f1b4c4be106cac433c8db696b2e7f77da758c0bb62b7cb9fe0fbb08d49431dda2818d08d5c60b5052154895c335b33 SHA512 0df8276edc3872c73fee7286ea4e578648a6fb2a630fa49a4f8945e0d6ff88353d9b11d29d942c0ce22ed17a8223e71f99d8b519a6a8afbc2ac9e6da89d95ee5
+DIST datalad-0.18.0.tar.gz 1425143 BLAKE2B 5b99a69412b70c853b9e5c45d9aa2ddeca930a5b946dc7a88f5723c1b96f1cb41abac2a07b5276aa38a8b507b05e623b9023f36201ec8ebb3da4c7684f0e374e SHA512 b2568567a161af9ce992f867a73aa8b68e934ed6e7e6e1ea7ddacc664d7c6da850d1876e29f80fba450d97a4d66ff098cb7f9af45b2c7a6a165b0a02babf8b86
 DIST datalad-0.18.1.tar.gz 1425820 BLAKE2B 574e864feb500062f829dfea3f9c8c51f9ad2e0e68e70966c2a5ea315fafffb259de9a0f57427c0aae1ee93c24ec9a3a91ef42637d109d912cf5b6c41ac07b11 SHA512 19f011428fe66d9f21410ae33276133f26cf2b1a367c23a83c56ab48a0e038837ba18163e12ab2d74eba7d0ec9ce2e660a21494ddba0da3a2df6da2c043c4aad
 DIST datalad-0.18.3.tar.gz 1435282 BLAKE2B 8077c0a639920e914b30598ded435ad74564f3947a187f5d57752cd22e0d435838db9bdd797a6d8d8cc54282e1303f5ca5d673d3674da09c678a47f35e8ef3f6 SHA512 06f5a73caaacffb35f11852f69ee48c485ebd1cce55e1440eb8686d8614a29809b01de2d129a48591fd66c02a59af9dcd064b0e7ead698842cc7f79d12af729c
-DIST datalad-0.19.6.tar.gz 1429377 BLAKE2B 1f7e3f91e6d305b4a1e9e9bd8f649e32b4a87cddb98eea68f7e1920832562604c0d2477c47dbb22f05dc2bdaf7645c5d943fdefae53b1ec9e418fb240ec3b18d SHA512 546f17be597121f2508140919360200f261553df415b67c709961e293ba95fa6cec6b13e7b54fcfc18b602a479565331b0146fb196b57ade3e6bf697f1054e07
+DIST datalad-0.19.6.tar.gz 1420979 BLAKE2B 49d8e19449652f284f89f99e6696c6d1abf7ddcc58a8eb00004c657be38ce2532ed9c11855dca4a0a8f82c55fbf1633f53ff2bdea063fd18ad946145d27a3404 SHA512 db7cd807a8106727f0b6f587be8c0ce3abcf0dc7cf72b4757e6b44650adca05482e6b0a6c1719050fba37660dcd5de2a6f27df044a8db180ac6855ee7ff8cbda
@TheChymera
Copy link
Contributor Author

Sadly I don't have the old archives any more so I don't know what changed. Going by the size of the archives probably some small file or re-compression. I just assumed release tarballs would never ever change unless you re-write the history.

@bluss
Copy link

bluss commented Apr 4, 2024

https://github.blog/2023-02-21-update-on-the-future-stability-of-source-code-archives-and-hashes/ is relevant

Upstream git (not github) has also been adamant that they don't guarantee the format of git archive, so it's not guaranteed to be reproducible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@TheChymera @bluss