[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content has
|
From: |
Leo Famulari |
|
Subject: |
bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail |
|
Date: |
Sun, 1 Oct 2017 16:42:37 -0400 |
|
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On Sun, Oct 01, 2017 at 09:20:42PM +0200, Jan Nieuwenhuizen wrote:
> Jan Nieuwenhuizen writes:
>
> The changing of the libgit-0.26.0 checksum was already reported about 3
> weeks ago (github seems to only show relative dates)
>
> https://github.com/libgit2/libgit2/issues/4343
>
> and the bug is still open. It seems to be a github thing. As I
> understand it, currently our options are to update the hash and pray it
> won't happen again or host libgit2 tarballs ourselves.
I contacted GitHub about this issue a few weeks ago and they said that:
1) They do not guarantee bit-reproducibility of the snapshots they
generate automatically for each release tag, and they wish that people
would not rely on them as we do. However, since people *are* relying on
them, they are discussing this issue internally.
2) This is the relevant code change:
https://git.kernel.org/pub/scm/git/git.git/commit/?id=22f0dcd9634a818a0c83f23ea1a48f2d620c0546
In the meantime, we can add this to the list of reasons that
reproducibility is difficult in the long term.
I don't have any solutions in mind besides keeping substitutes available
for as long as possible and, for users, using substitutes. We might also
petition upstream projects to offer a "real" release tarball.
signature.asc
Description: PGP signature
- bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail, Jan Nieuwenhuizen, 2017/10/01
- bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail, Jan Nieuwenhuizen, 2017/10/01
- bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail,
Leo Famulari <=
- bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail, ng0, 2017/10/01
- bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail, Ludovic Courtès, 2017/10/02
- bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail, Leo Famulari, 2017/10/02
- bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail, Maxim Cournoyer, 2017/10/02
- bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail, Ludovic Courtès, 2017/10/03
- bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail, Leo Famulari, 2017/10/03
- bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail, Maxim Cournoyer, 2017/10/04
- bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail, Leo Famulari, 2017/10/04
- bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail, Maxim Cournoyer, 2017/10/04
- bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail, Maxim Cournoyer, 2017/10/05