Re: [gentoo-dev] heads up: codeberg changed gzip impls (?) for ${REPO}/archive/${TAG}.tar.gz files

2023-12-11 Thread Eli Schwartz 
On 12/11/23 5:47 AM, Arsen Arsenović wrote:
> hi,
> 
> it seems that codeberg has changed how they produce their archives on
> URLs like  leading
> to digest failures like , as implied by
> the following checks:
> 
>   ~$ diff <( <(   ~$ diff <( <(   Binary files /dev/fd/63 and /dev/fd/62 differ
> 
> the above shows that compressed content differs while decompressed
> content remains identical.
> 
> (dls/foot-1.16.2.tar.gz is downloaded from the master distfiles mirror,
> /var/cache/distfiles/foot-1.16.2.tar.gz is fetched from codeberg at
> around two in the morning last night)
> 
> you might want to regenerate manifests for projects fetching from
> /archive/ urls on codeberg.
> 
> Daniel, thank you for working on foot.  may I ask that you attach 'meson
> dist'-generated files to releases?  you could also use that opportunity
> to hash or sign them, if you so desire.
> 
> in either case, thank you again.
> 
> have a lovely day, all!


It sounds like they completely failed to get the memo about:
https://github.com/orgs/community/discussions/46034

However, I really do wish tremendously that they *would* change all
tarball checksums... for a good reason!

Namely, they need to fix https://github.com/go-gitea/gitea/issues/18078
because currently gitea-based software forges kind of suck and I'd
rather no one used them for anything, lol.

It does appear that since last year when they fixed an unrelated issue,
closed *this* issue as "not fixed but sometime in the future we'll fix
it, we pinky promise"...

... that they've fixed the issue for manually uploaded release assets
where the download url was based on an unpredictable uuid.

So that's sort of kind of a little bit good at least.



-- 
Eli Schwartz

Re: [gentoo-dev] heads up: codeberg changed gzip impls (?) for ${REPO}/archive/${TAG}.tar.gz files

2023-12-11 Thread Arsen Arsenović 

Arsen Arsenović  writes:

> hi,
>
> it seems that codeberg has changed how they produce their archives on
> URLs like  leading
> to digest failures like , as implied by
> the following checks:
>
>   ~$ diff <( <(   ~$ diff <( <(   Binary files /dev/fd/63 and /dev/fd/62 differ
>
> the above shows that compressed content differs while decompressed
> content remains identical.
>
> (dls/foot-1.16.2.tar.gz is downloaded from the master distfiles mirror,
> /var/cache/distfiles/foot-1.16.2.tar.gz is fetched from codeberg at
> around two in the morning last night)
>
> you might want to regenerate manifests for projects fetching from
> /archive/ urls on codeberg.

ps, also filed https://codeberg.org/Codeberg/Community/issues/1366 per
ulms suggestion.
-- 
Arsen Arsenović


signature.asc
Description: PGP signature

[gentoo-dev] heads up: codeberg changed gzip impls (?) for ${REPO}/archive/${TAG}.tar.gz files

2023-12-11 Thread Arsen Arsenović 
hi,

it seems that codeberg has changed how they produce their archives on
URLs like  leading
to digest failures like , as implied by
the following checks:

  ~$ diff <(

signature.asc
Description: PGP signature