[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gzip-1.7.tar.gz hash mismatch on core-updates
|
From: |
Efraim Flashner |
|
Subject: |
Re: gzip-1.7.tar.gz hash mismatch on core-updates |
|
Date: |
Fri, 8 Apr 2016 09:20:22 +0300 |
|
User-agent: |
Mutt/1.6.0 (2016-04-01) |
On Fri, Apr 08, 2016 at 12:12:41AM +0200, Ludovic Courtès wrote:
> Hi!
>
> Commit ea5d388257664d703df23cf3eb0da7b6546d6c42 updates gzip to 1.7.
> Its specified SHA256 is:
>
> 1as1ddq58spflzz5kxm0ni0xfpswrkkrncjpxyb3aw77gizcacgv
>
> However, when downloading right now, I get a different hash:
>
> --8<---------------cut here---------------start------------->8---
> $ guix download mirror://gnu/gzip/gzip-1.7.tar.gz
>
> Starting download of /tmp/guix-file.EtGdvV
> From http://ftpmirror.gnu.org/gzip/gzip-1.7.tar.gz...
> following redirection to
> `http://mirror1.babylon.network/gnu/gzip/gzip-1.7.tar.gz'...
> gzip-1.7.tar.gz 1.1MiB 740KiB/s 00:02 [####################]
> 100.0%
> /gnu/store/81229hs4j6yyk2hraka505rjp41b9nrs-gzip-1.7.tar.gz
> 010rjpxh2vg3qfzph9lx7a35gfs5imkg2mkri26620bqihbsmjzc
> $ guix download mirror://gnu/gzip/gzip-1.7.tar.gz.sig
>
> Starting download of /tmp/guix-file.jK41ds
> From http://ftpmirror.gnu.org/gzip/gzip-1.7.tar.gz.sig...
> following redirection to
> `http://mirror.ibcp.fr/pub/gnu/gzip/gzip-1.7.tar.gz.sig'...
> gzip-1.7.tar.gz.sig 801B 2.1MiB/s 00:00 [####################]
> 100.0%
> /gnu/store/r511bm51719l80j1xijflmyfyd3691pd-gzip-1.7.tar.gz.sig
> 03j0bcydran7fas42sm1lxf09qcjwp4c2y9rzp42zj088mx6s32b
> $ gpg --verify
> /gnu/store/r511bm51719l80j1xijflmyfyd3691pd-gzip-1.7.tar.gz.sig
> /gnu/store/81229hs4j6yyk2hraka505rjp41b9nrs-gzip-1.7.tar.gz
> gpg: Signature made Mon 28 Mar 2016 06:05:12 AM CEST using RSA key ID 000BEEEE
> gpg: Good signature from "Jim Meyering <address@hidden>" [full]
> gpg: aka "Jim Meyering <address@hidden>" [full]
> gpg: aka "Jim Meyering <address@hidden>" [undefined]
> --8<---------------cut here---------------end--------------->8---
>
> Could you check if you have a copy of gzip-1.7.tar.gz with the hash
> that’s in the repo (using ‘guix build -S gzip’ in ‘core-updates’) and if
> so, send the diff?
>
> (I’d like to know if it’s a mistake or if gzip-1.7.tar.gz has been
> modified in place on ftp.gnu.org.)
>
> Thanks in advance. :-)
>
> Ludo’.
address@hidden:~/workspace/guix$ guix import gnu gzip
Starting download of /tmp/guix-file.EhzyfG
From ftp://ftp.gnu.org/gnu/gzip/gzip-1.7.tar.xz...
gzip-1.7.tar.xz 746KiB 554KiB/s 00:01
[####################] 100.0%
Starting download of /tmp/guix-file.4OjzCw
From ftp://ftp.gnu.org/gnu/gzip/gzip-1.7.tar.xz.sig...
gzip-1.7.tar.xz.sig 801B 83KiB/s 00:00
[####################] 100.0%
gpg: Signature made Mon 28 Mar 2016 07:05:12 AM IDT using RSA key ID
000BEEEE
gpg: Good signature from "Jim Meyering <address@hidden>" [undefined]
gpg: aka "Jim Meyering <address@hidden>" [undefined]
gpg: aka "Jim Meyering <address@hidden>" [undefined]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 155D 3FC5 00C8 3448 6D1E EA67 7FD9 FCCB 000B EEEE
(package
(name "gzip")
(version "1.7")
(source
(origin
(method url-fetch)
(uri (string-append
"mirror://gnu/gzip/gzip-"
version
".tar.xz"))
(sha256
(base32
"1as1ddq58spflzz5kxm0ni0xfpswrkkrncjpxyb3aw77gizcacgv"))))
...
It looks like `guix import gnu gzip` downloaded the .tar.xz copy, and
that it also added it to the store, so when I built it the tarball was
already in the store and I didn't notice that I forgot to change it from
.tar.gz to .tar.xz.
--
Efraim Flashner <address@hidden> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
signature.asc
Description: PGP signature