New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Release tarball for v0.6.4 has changed recently #143
Comments
Thanks for letting us know! There have been no modifications to the source code of the latest release, or to the git history. The "Source code" files in GitHub's release assets are generated dynamically. The resulting files may differ slightly depending on the version of git, tar and gzip used by the GitHub servers at the time of download. Verifying the authenticity of the files is important, so let us know if we can help mitigate this in the future. According to the answer linked above:
Maybe FreshPorts could fetch the source with git rather than download the release .tar.gz assets? |
Thanks! I've compared the tagged commit from the repo with the tarball and they are the same (modulo the VERSION file).
The tarballs are the easiest to work with. Tarball rerolls happen from time to time in the wild. I guess there is no need to modify this workflow :) Note: FreshPorts is just a web UI to view the FreeBSD Ports Collection. The relationship between the two can be a bit confusing at times. In the meantime, I've updated the hashes in the FreeBSD port so FreeBSD users are going to be able to see scli package in the repos soon. Thanks again for your help! |
Sure thing!
Makes sense. The changes to GitHub's internal tools (that affect the tarballs) probably happen rarely enough to make the manual hashes updates the simplest option.
Gotcha! I guess I meant "BSD ports". |
Hi there! I'm the maintainer of the scli package in FreeBSD. Yesterday I got a report from the FreeBSD community that the source tarball (https://codeload.github.com/isamert/scli/tar.gz/v0.6.4?dummy=/isamert-scli-v0.6.4_GH0.tar.gz) has changed its hash:
Old hash (https://cgit.freebsd.org/ports/tree/net-im/scli/distinfo):
New hash:
I wonder if that's the result of some actions performed by the scli developers (like rewriting the commit history or tagging a different commit with tag
v0.6.4
) or is that some GitHub infrastructure issue.Thanks!
Details:
The text was updated successfully, but these errors were encountered: