[DRE-maint] Multiple uploads of a single .orig.tar.gz with different checksums
praveen at debian.org
praveen at debian.org
Thu Feb 14 11:56:45 GMT 2019
On Thu, Feb 14, 2019 at 2:43 PM, intrigeri <intrigeri at debian.org> wrote:
> Hi,
>
> ruby-fog-google_1.8.1.orig.tar.gz was accepted in the Debian archive:
>
> - on 2018-11-20, with SHA1 ee4367146e6207a0d61f93766d4d024c95456da5
> - on 2019-02-13, with SHA1 899e8100118232f059cbe2cc363ea7d3d12d37f5
>
> Similarly, ruby-asset-sync_2.4.0.orig.tar.gz was accepted:
>
> - on 2018-06-20, with SHA1 1d7ebfe78923132978ef81c6fb1bd8117157e24a
> - on 2019-01-28, with SHA1 eb3b84982ae37d94c8456ed95c262b555c5e5cb7
>
> In both cases, as I understand it the second upload was accepted by
> dak only because the previous "version" of the same tarball was not in
> the archive anymore (a newer version had migrated to testing already).
> Otherwise, I believe dak would have rejected the upload.
>
> I don't know if the fact dak accepted the 2nd upload of the same (but
> not quite same) file is merely due to a bug/limitation in dak or if
> that's the intended design; I suspect the former. Either way, I find
> it confusing to upload different versions of a file with the exact
> same name and it has great potential to build machinery built with
> stricter assumptions. For example, FWIW it breaks Tails' mechanism to
> take and maintain regular snapshots of the Debian archive.
>
> If that's not too much burden for you, could you please tweak your
> packaging workflow so that this does not happen? Thanks in advance!
>
Hi intrigeri,
It happened because I had to remove pristine-tar = True from my
gbp.conf for building golang packages. I did not notice pristine-tar
option was missing from gbp.conf for a while. So I uploaded first
version without using pristine-tar and Abhijith use pristine-tar.
Usually the packages get rejected but I think it is bug in dak if it
was accepted.
Now I take care of enabling it manually as soon as I finish building a
golang package. I have not figured out a foolproof/automated method
yet. If you have a suggestion I'd be happy to try. Basically I want to
use pristine-tar = True everywhere except for golang-packages. Adding a
gbp.conf to every package could work, but I don't know if that is the
only way.
Thanks
Praveen
> Cheers,
> --
> intrigeri
More information about the Pkg-ruby-extras-maintainers
mailing list