Do not rebuild packages when an extra-source's url changes but not its checksum #5258

Merged
merged 4 commits into from
Sep 5, 2022

kit-ty-kate (Member)

dra27 (Member) commented Aug 23, 2022

We might want to do this only in the presence of strong checksums, given the attacks on both md5 and sha1? The alternative would be to actually download the patch and check that it really is the same as the one used, but that's highly invasive to the code (network access before confirmation, etc.)

kit-ty-kate (Member, Author) commented Aug 23, 2022

I agree this is an issue but it's not specific to this change (and is much worse for the main urls or even with the new software heritage feature for instance). Could you open a separate issue to discuss it more fully?

dra27 (Member) commented Aug 23, 2022

That's a good point - I'd forgotten that the cache already works this way

rjbou (Collaborator) commented Aug 30, 2022

Updated with a test

Two outdated review threads on tests/reftests/rebuild.test
kit-ty-kate force-pushed the effectively-extra-sources branch 3 times, most recently from 164a840 to 3f31f07 (August 31, 2022)
rjbou added this to PR in progress in Opam 2.2.0 via automation (Aug 31, 2022)
rjbou added this to the 2.2.0~alpha milestone (Aug 31, 2022)
rjbou merged commit d158d89 into ocaml:master (Sep 5, 2022)
Opam 2.2.0 automation moved this from PR in progress to Done Sep 5, 2022
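
The trade-off discussed in the thread, as an added example that is not opam's code and not the merged change: a rebuild decision that ignores an extra-source's URL and compares only its checksums, with an optional rule that an unchanged checksum counts only when it is sha256 or sha512. All function names and sample data are constructed for illustration; the `algo=hexdigest` string form is the one used in opam files.

```python
# Added illustration; names and sample data are constructed, not opam's.
STRONG = {"sha256", "sha512"}  # md5 and sha1 have practical collision attacks

def parse_checksum(s):
    """Split an opam-style 'algo=hexdigest' string, lowercased for comparison."""
    algo, sep, digest = s.partition("=")
    if not sep or not algo or not digest:
        raise ValueError(f"malformed checksum: {s!r}")
    return algo.lower(), digest.lower()

def same_content(old_sums, new_sums, require_strong=True):
    """True if both checksum lists pin the same bytes.

    Every algorithm present on both sides must agree, and at least one
    shared algorithm must exist (a strong one when require_strong is set).
    """
    old = dict(parse_checksum(c) for c in old_sums)
    new = dict(parse_checksum(c) for c in new_sums)
    shared = old.keys() & new.keys()
    if any(old[a] != new[a] for a in shared):
        return False
    usable = shared & STRONG if require_strong else shared
    return bool(usable)

def needs_rebuild(old_extra, new_extra, require_strong=True):
    """Arguments map an extra-source file name to (url, [checksums])."""
    if old_extra.keys() != new_extra.keys():
        return True  # an extra source was added or removed
    for name, (_old_url, old_sums) in old_extra.items():
        _new_url, new_sums = new_extra[name]
        # The URL is deliberately ignored: only the pinned content matters.
        if not same_content(old_sums, new_sums, require_strong):
            return True
    return False

# Constructed sample data: the same patch served from a different URL.
SHA = "sha256=" + "ab" * 32
MD5 = "md5=" + "0" * 32
OLD = {"fix.patch": ("https://old.example/fix.patch", [SHA])}
MOVED = {"fix.patch": ("https://mirror.example/fix.patch", [SHA])}
EDITED = {"fix.patch": ("https://old.example/fix.patch", ["sha256=" + "cd" * 32])}
WEAK_OLD = {"fix.patch": ("https://old.example/fix.patch", [MD5])}
WEAK_MOVED = {"fix.patch": ("https://mirror.example/fix.patch", [MD5])}
```

With `require_strong=False` the function trusts any matching checksum, md5 included, which is the cache behaviour the thread says already exists.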