Re: SHA* digests in checksums.yaml.gz
Hi! Thanks for the feedback. I've just uploaded gem2deb 0.38 with that change and other commits from Antonio about ruby2.5. Cheers, Cédric
Re: SHA* digests in checksums.yaml.gz
Hi, On Sat, Mar 03, 2018 at 02:46:19PM +0100, Cédric Boutillier wrote: > I've just pushed a branch on Salsa called 'sha_digests' with a proposed > change. I've just removed SHA1 and replaced it with SHA256, and check > that at least one of SHA256/SHA512 is available in checksums.yaml. > > https://salsa.debian.org/ruby-team/gem2deb/tree/sha_digests > > Comments welcome! I can at least say it seems to fix the problems I saw with some gems using newer checksums. Regards -- Michael Moll signature.asc Description: PGP signature
Re: SHA* digests in checksums.yaml.gz
On Thu, Feb 22, 2018 at 02:13:47PM -0300, Antonio Terceiro wrote: > On Tue, Feb 20, 2018 at 04:32:25PM +0100, Cédric Boutillier wrote: [...] > > > > I am considering adding Digest::SHA256 to the list of digests tested in > > gem2tgz and skip the checksum computation if the digest name is not a > > key of the hash read from the YAML file. > > > > What do you think? > Looks like this is the way to go. Hi, I've just pushed a branch on Salsa called 'sha_digests' with a proposed change. I've just removed SHA1 and replaced it with SHA256, and check that at least one of SHA256/SHA512 is available in checksums.yaml. https://salsa.debian.org/ruby-team/gem2deb/tree/sha_digests Comments welcome! Cheers, Cédric signature.asc Description: PGP signature
Re: SHA* digests in checksums.yaml.gz
On Tue, Feb 20, 2018 at 04:32:25PM +0100, Cédric Boutillier wrote: > Hi, > > When trying to package some dependencies for a new version of Nanoc, I > noticed that some gems start to ship SHA256 digests instead of SHA1 in > addition to SHA512. > This happens for example with the ddmetrics gem > https://rubygems.org/gems/ddmetrics > > As a consequence, gem2deb fails on such gems with the following error. > > ddmetrics doesn't seem to exist. Let's try to download it with 'gem fetch > ddmetrics' > gem fetch ddmetrics > Fetching: ddmetrics-1.0.0.gem (100%) > Downloaded ddmetrics-1.0.0 > -- Creating source tarball from ddmetrics-1.0.0.gem ... > tar xfm /tmp/ddmetrics-1.0.0.gem > /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:131:in `block (2 levels) in > verify_and_strip_checksums': undefined method `[]' for nil:NilClass > (NoMethodError) > from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:130:in `each' > from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:130:in `block in > verify_and_strip_checksums' > from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:128:in `each' > from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:128:in > `verify_and_strip_checksums' > from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:85:in `block in > extract_gem_contents' > from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:83:in `chdir' > from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:83:in > `extract_gem_contents' > from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:67:in `convert!' > from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:33:in `convert!' > from /usr/bin/gem2deb:114:in `' > > I am considering adding Digest::SHA256 to the list of digests tested in > gem2tgz and skip the checksum computation if the digest name is not a > key of the hash read from the YAML file. > > What do you think? Looks like this is the way to go. signature.asc Description: PGP signature