On Fri, Apr 08, 2016 at 12:12:41AM +0200, Ludovic Courtès wrote: > Hi! > > Commit ea5d388257664d703df23cf3eb0da7b6546d6c42 updates gzip to 1.7. > Its specified SHA256 is: > > 1as1ddq58spflzz5kxm0ni0xfpswrkkrncjpxyb3aw77gizcacgv > > However, when downloading right now, I get a different hash: > > --8<---------------cut here---------------start------------->8--- > $ guix download mirror://gnu/gzip/gzip-1.7.tar.gz > > Starting download of /tmp/guix-file.EtGdvV > From http://ftpmirror.gnu.org/gzip/gzip-1.7.tar.gz... > following redirection to > `http://mirror1.babylon.network/gnu/gzip/gzip-1.7.tar.gz'... > gzip-1.7.tar.gz 1.1MiB 740KiB/s 00:02 [####################] > 100.0% > /gnu/store/81229hs4j6yyk2hraka505rjp41b9nrs-gzip-1.7.tar.gz > 010rjpxh2vg3qfzph9lx7a35gfs5imkg2mkri26620bqihbsmjzc > $ guix download mirror://gnu/gzip/gzip-1.7.tar.gz.sig > > Starting download of /tmp/guix-file.jK41ds > From http://ftpmirror.gnu.org/gzip/gzip-1.7.tar.gz.sig... > following redirection to > `http://mirror.ibcp.fr/pub/gnu/gzip/gzip-1.7.tar.gz.sig'... > gzip-1.7.tar.gz.sig 801B 2.1MiB/s 00:00 [####################] > 100.0% > /gnu/store/r511bm51719l80j1xijflmyfyd3691pd-gzip-1.7.tar.gz.sig > 03j0bcydran7fas42sm1lxf09qcjwp4c2y9rzp42zj088mx6s32b > $ gpg --verify > /gnu/store/r511bm51719l80j1xijflmyfyd3691pd-gzip-1.7.tar.gz.sig > /gnu/store/81229hs4j6yyk2hraka505rjp41b9nrs-gzip-1.7.tar.gz > gpg: Signature made Mon 28 Mar 2016 06:05:12 AM CEST using RSA key ID 000BEEEE > gpg: Good signature from "Jim Meyering <[email protected]>" [full] > gpg: aka "Jim Meyering <[email protected]>" [full] > gpg: aka "Jim Meyering <[email protected]>" [undefined] > --8<---------------cut here---------------end--------------->8--- > > Could you check if you have a copy of gzip-1.7.tar.gz with the hash > that’s in the repo (using ‘guix build -S gzip’ in ‘core-updates’) and if > so, send the diff? > > (I’d like to know if it’s a mistake or if gzip-1.7.tar.gz has been > modified in place on ftp.gnu.org.) > > Thanks in advance. :-) > > Ludo’.
efraim@debian-netbook:~/workspace/guix$ guix import gnu gzip Starting download of /tmp/guix-file.EhzyfG From ftp://ftp.gnu.org/gnu/gzip/gzip-1.7.tar.xz... gzip-1.7.tar.xz 746KiB 554KiB/s 00:01 [####################] 100.0% Starting download of /tmp/guix-file.4OjzCw From ftp://ftp.gnu.org/gnu/gzip/gzip-1.7.tar.xz.sig... gzip-1.7.tar.xz.sig 801B 83KiB/s 00:00 [####################] 100.0% gpg: Signature made Mon 28 Mar 2016 07:05:12 AM IDT using RSA key ID 000BEEEE gpg: Good signature from "Jim Meyering <[email protected]>" [undefined] gpg: aka "Jim Meyering <[email protected]>" [undefined] gpg: aka "Jim Meyering <[email protected]>" [undefined] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 155D 3FC5 00C8 3448 6D1E EA67 7FD9 FCCB 000B EEEE (package (name "gzip") (version "1.7") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gzip/gzip-" version ".tar.xz")) (sha256 (base32 "1as1ddq58spflzz5kxm0ni0xfpswrkkrncjpxyb3aw77gizcacgv")))) ... It looks like `guix import gnu gzip` downloaded the .tar.xz copy, and that it also added it to the store, so when I built it the tarball was already in the store and I didn't notice that I forgot to change it from .tar.gz to .tar.xz. -- Efraim Flashner <[email protected]> אפרים פלשנר GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted
signature.asc
Description: PGP signature
