ng0 (again, and this time the list), Thanks for catching and reporting this.
On 14/02/17 18:19, ng0 wrote: > can someone else check which hash should be the correct one? I think > 19djav128nkhjxgfhwhc32i5y9d9c3karbh5yg67kqrdranyvh7q is correct. We're both right! Yay! It's a Valentine's day miracle: $ ~/guix/pre-inst-env guix hash /gnu/store/*-fish-2.5.0.tar.gz 0kn2n9qr9cksg2cl78f3w0yd24368d35djhi6w5x3gbdxk23ywq3 $ boring-old-wget https://fishshell.com/files/2.5.0/fish-2.5.0.tar.gz $ guix hash fish-2.5.0.tar.gz 19djav128nkhjxgfhwhc32i5y9d9c3karbh5yg67kqrdranyvh7q Hm. Did I mis-label an old fish-2.4.0 tarball by mistake when updating? Nope: $ tar tf /gnu/store/*-fish-2.5.0.tar.gz | head -n1 fish-shell-2.5.0/ $ tar tf ~/fish-2.5.0.tar.gz | head -n1 fish-2.5.0/ What the— Once again, hashing all the things catches a sneaky upstream dirty-handed. The original fish-2.5.0.tar.gz lacked a configure script (see commit 89eb56f05fa1561b09d1050147d968b98a16b07a). Apparently, the way to fix that is by silently replacing your tarball in-place. Anyone want to scan a 20,357-line diff for a back door before I push an update? Kind regards, T G-R
signature.asc
Description: OpenPGP digital signature
