* [meta-java][PATCH] jdepend: Update download hashes
@ 2018-05-03 9:43 Mike Crowe
2018-05-03 23:06 ` Khem Raj
` (2 more replies)
0 siblings, 3 replies; 13+ messages in thread
From: Mike Crowe @ 2018-05-03 9:43 UTC (permalink / raw)
To: openembedded-devel; +Cc: André Draszik, Mike Crowe
When Bitbake downloads jdepend-2.9.1.zip itself and I download
https://github.com/clarkware/jdepend/blob/master/dist/jdepend-2.9.1.zip ,
the calculated hashes don't match the ones included in the recipe.
The hashes were last changed in commit
dd5c43fca8289b8795a9214aee616775e1493109 on 1st March, but GitHub claims
that the file being downloaded was published on 20th January, so I can't
explain why they are wrong.
Nevertheless, let's update the recipe to use hashes that match the current
download.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Cc: André Draszik <andre.draszik@jci.com>
---
recipes-core/jdepend/jdepend_2.9.1.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/recipes-core/jdepend/jdepend_2.9.1.bb b/recipes-core/jdepend/jdepend_2.9.1.bb
index 5f09a8b..a924f1d 100644
--- a/recipes-core/jdepend/jdepend_2.9.1.bb
+++ b/recipes-core/jdepend/jdepend_2.9.1.bb
@@ -18,7 +18,7 @@ do_compile() {
fastjar cf ${JARFILENAME} -C build .
}
-SRC_URI[md5sum] = "9b91efe1d770e023893f89f4dde8434e"
-SRC_URI[sha256sum] = "536b5082d64e4f4dddd514ce30178f36c7a31b34d969275f278f72e522e7f7c9"
+SRC_URI[md5sum] = "0cbaf43493cd30838bee261f69e76fe9"
+SRC_URI[sha256sum] = "b9f34236aaea5ddc070caa29794d2f5ae79bc12e199bec6ebba6c29093a17a9e"
BBCLASSEXTEND = "native"
--
2.11.0
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [meta-java][PATCH] jdepend: Update download hashes
2018-05-03 9:43 [meta-java][PATCH] jdepend: Update download hashes Mike Crowe
@ 2018-05-03 23:06 ` Khem Raj
2018-05-04 18:37 ` [meta-java][PATCHv2] jdepend: Retrieve source from Git rather than tarball Mike Crowe
2018-05-16 9:29 ` [meta-java][PATCH] jdepend: Update download hashes André Draszik
2 siblings, 0 replies; 13+ messages in thread
From: Khem Raj @ 2018-05-03 23:06 UTC (permalink / raw)
To: Mike Crowe; +Cc: André Draszik, openembedded-devel
On Thu, May 3, 2018 at 2:58 AM Mike Crowe <mac@mcrowe.com> wrote:
> When Bitbake downloads jdepend-2.9.1.zip itself and I download
> https://github.com/clarkware/jdepend/blob/master/dist/jdepend-2.9.1.zip ,
> the calculated hashes don't match the ones included in the recipe.
>
> The hashes were last changed in commit
> dd5c43fca8289b8795a9214aee616775e1493109 on 1st March, but GitHub claims
> that the file being downloaded was published on 20th January, so I can't
> explain why they are wrong.
Yeah no one knows how these archives are generated but we know that they
can change with out notice. Perhaps we should switch to using git fetcher
pointing srcrev to same release SHA
And hope that remains consistent
>
>
> Nevertheless, let's update the recipe to use hashes that match the current
> download.
>
> Signed-off-by: Mike Crowe <mac@mcrowe.com>
> Cc: André Draszik <andre.draszik@jci.com>
> ---
> recipes-core/jdepend/jdepend_2.9.1.bb | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/recipes-core/jdepend/jdepend_2.9.1.bb b/recipes-core/jdepend/
> jdepend_2.9.1.bb
> index 5f09a8b..a924f1d 100644
> --- a/recipes-core/jdepend/jdepend_2.9.1.bb
> +++ b/recipes-core/jdepend/jdepend_2.9.1.bb
> @@ -18,7 +18,7 @@ do_compile() {
> fastjar cf ${JARFILENAME} -C build .
> }
>
> -SRC_URI[md5sum] = "9b91efe1d770e023893f89f4dde8434e"
> -SRC_URI[sha256sum] =
> "536b5082d64e4f4dddd514ce30178f36c7a31b34d969275f278f72e522e7f7c9"
> +SRC_URI[md5sum] = "0cbaf43493cd30838bee261f69e76fe9"
> +SRC_URI[sha256sum] =
> "b9f34236aaea5ddc070caa29794d2f5ae79bc12e199bec6ebba6c29093a17a9e"
>
> BBCLASSEXTEND = "native"
> --
> 2.11.0
>
>
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* [meta-java][PATCHv2] jdepend: Retrieve source from Git rather than tarball
2018-05-03 9:43 [meta-java][PATCH] jdepend: Update download hashes Mike Crowe
2018-05-03 23:06 ` Khem Raj
@ 2018-05-04 18:37 ` Mike Crowe
2018-05-04 19:34 ` Khem Raj
2018-05-08 9:28 ` Burton, Ross
2018-05-16 9:29 ` [meta-java][PATCH] jdepend: Update download hashes André Draszik
2 siblings, 2 replies; 13+ messages in thread
From: Mike Crowe @ 2018-05-04 18:37 UTC (permalink / raw)
To: openembedded-devel; +Cc: André Draszik, Mike Crowe
When Bitbake downloads jdepend-2.9.1.zip itself and I download
https://github.com/clarkware/jdepend/blob/master/dist/jdepend-2.9.1.zip ,
the calculated hashes don't match the ones included in the recipe.
The hashes were last changed in commit
dd5c43fca8289b8795a9214aee616775e1493109 on 1st March, but GitHub claims
that the file being downloaded was published on 20th January, so I can't
explain why they are wrong.
It seems that we can't really rely on these tarballs to remain unchanged,
so let's download the Git hash that corresponds to v2.9.1 instead. This
should always remain valid.
Cc: André Draszik <andre.draszik@jci.com>
Cc: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mike Crowe <mac@mcrowe.com>
---
recipes-core/jdepend/jdepend_2.9.1.bb | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
I'll let whoever wants to merge this decide whether to take v1 with
the updated hashes or v2 using the Git repository.
diff --git a/recipes-core/jdepend/jdepend_2.9.1.bb b/recipes-core/jdepend/jdepend_2.9.1.bb
index 5f09a8b..dfbf493 100644
--- a/recipes-core/jdepend/jdepend_2.9.1.bb
+++ b/recipes-core/jdepend/jdepend_2.9.1.bb
@@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f5777d32a7709d558c2877d4a6616230"
HOMEPAGE = "https://github.com/clarkware/jdepend"
-SRC_URI = "https://github.com/clarkware/jdepend/archive/${PV}.zip;downloadfilename=${BP}.zip"
+SRC_URI = "git://github.com/clarkware/jdepend"
+SRCREV = "57980590313a5dbde236a3eb2c8958e9e53e6a10"
+S = "${WORKDIR}/git"
inherit java-library
@@ -18,7 +20,4 @@ do_compile() {
fastjar cf ${JARFILENAME} -C build .
}
-SRC_URI[md5sum] = "9b91efe1d770e023893f89f4dde8434e"
-SRC_URI[sha256sum] = "536b5082d64e4f4dddd514ce30178f36c7a31b34d969275f278f72e522e7f7c9"
-
BBCLASSEXTEND = "native"
--
2.11.0
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [meta-java][PATCHv2] jdepend: Retrieve source from Git rather than tarball
2018-05-04 18:37 ` [meta-java][PATCHv2] jdepend: Retrieve source from Git rather than tarball Mike Crowe
@ 2018-05-04 19:34 ` Khem Raj
2018-05-08 9:28 ` Burton, Ross
1 sibling, 0 replies; 13+ messages in thread
From: Khem Raj @ 2018-05-04 19:34 UTC (permalink / raw)
To: Mike Crowe; +Cc: André Draszik, openembeded-devel
On Fri, May 4, 2018 at 11:37 AM, Mike Crowe <mac@mcrowe.com> wrote:
> When Bitbake downloads jdepend-2.9.1.zip itself and I download
> https://github.com/clarkware/jdepend/blob/master/dist/jdepend-2.9.1.zip ,
> the calculated hashes don't match the ones included in the recipe.
>
> The hashes were last changed in commit
> dd5c43fca8289b8795a9214aee616775e1493109 on 1st March, but GitHub claims
> that the file being downloaded was published on 20th January, so I can't
> explain why they are wrong.
>
> It seems that we can't really rely on these tarballs to remain unchanged,
> so let's download the Git hash that corresponds to v2.9.1 instead. This
> should always remain valid.
>
LGTM.
> Cc: André Draszik <andre.draszik@jci.com>
> Cc: Khem Raj <raj.khem@gmail.com>
> Signed-off-by: Mike Crowe <mac@mcrowe.com>
> ---
> recipes-core/jdepend/jdepend_2.9.1.bb | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> I'll let whoever wants to merge this decide whether to take v1 with
> the updated hashes or v2 using the Git repository.
>
> diff --git a/recipes-core/jdepend/jdepend_2.9.1.bb b/recipes-core/jdepend/jdepend_2.9.1.bb
> index 5f09a8b..dfbf493 100644
> --- a/recipes-core/jdepend/jdepend_2.9.1.bb
> +++ b/recipes-core/jdepend/jdepend_2.9.1.bb
> @@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f5777d32a7709d558c2877d4a6616230"
>
> HOMEPAGE = "https://github.com/clarkware/jdepend"
>
> -SRC_URI = "https://github.com/clarkware/jdepend/archive/${PV}.zip;downloadfilename=${BP}.zip"
> +SRC_URI = "git://github.com/clarkware/jdepend"
> +SRCREV = "57980590313a5dbde236a3eb2c8958e9e53e6a10"
> +S = "${WORKDIR}/git"
>
> inherit java-library
>
> @@ -18,7 +20,4 @@ do_compile() {
> fastjar cf ${JARFILENAME} -C build .
> }
>
> -SRC_URI[md5sum] = "9b91efe1d770e023893f89f4dde8434e"
> -SRC_URI[sha256sum] = "536b5082d64e4f4dddd514ce30178f36c7a31b34d969275f278f72e522e7f7c9"
> -
> BBCLASSEXTEND = "native"
> --
> 2.11.0
>
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [meta-java][PATCHv2] jdepend: Retrieve source from Git rather than tarball
2018-05-04 18:37 ` [meta-java][PATCHv2] jdepend: Retrieve source from Git rather than tarball Mike Crowe
2018-05-04 19:34 ` Khem Raj
@ 2018-05-08 9:28 ` Burton, Ross
2018-05-08 9:36 ` [meta-java][PATCHv3] " Mike Crowe
2018-05-16 9:53 ` [meta-java][PATCHv2] " André Draszik
1 sibling, 2 replies; 13+ messages in thread
From: Burton, Ross @ 2018-05-08 9:28 UTC (permalink / raw)
To: Mike Crowe; +Cc: André Draszik, OpenEmbedded Devel List
http://lists.openembedded.org/pipermail/openembedded-devel/2017-September/114916.html,
fwiw
Ross
On 4 May 2018 at 19:37, Mike Crowe <mac@mcrowe.com> wrote:
> When Bitbake downloads jdepend-2.9.1.zip itself and I download
> https://github.com/clarkware/jdepend/blob/master/dist/jdepend-2.9.1.zip ,
> the calculated hashes don't match the ones included in the recipe.
>
> The hashes were last changed in commit
> dd5c43fca8289b8795a9214aee616775e1493109 on 1st March, but GitHub claims
> that the file being downloaded was published on 20th January, so I can't
> explain why they are wrong.
>
> It seems that we can't really rely on these tarballs to remain unchanged,
> so let's download the Git hash that corresponds to v2.9.1 instead. This
> should always remain valid.
>
> Cc: André Draszik <andre.draszik@jci.com>
> Cc: Khem Raj <raj.khem@gmail.com>
> Signed-off-by: Mike Crowe <mac@mcrowe.com>
> ---
> recipes-core/jdepend/jdepend_2.9.1.bb | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> I'll let whoever wants to merge this decide whether to take v1 with
> the updated hashes or v2 using the Git repository.
>
> diff --git a/recipes-core/jdepend/jdepend_2.9.1.bb b/recipes-core/jdepend/
> jdepend_2.9.1.bb
> index 5f09a8b..dfbf493 100644
> --- a/recipes-core/jdepend/jdepend_2.9.1.bb
> +++ b/recipes-core/jdepend/jdepend_2.9.1.bb
> @@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=
> f5777d32a7709d558c2877d4a6616230"
>
> HOMEPAGE = "https://github.com/clarkware/jdepend"
>
> -SRC_URI = "https://github.com/clarkware/jdepend/archive/${PV}.zip;
> downloadfilename=${BP}.zip"
> +SRC_URI = "git://github.com/clarkware/jdepend"
> +SRCREV = "57980590313a5dbde236a3eb2c8958e9e53e6a10"
> +S = "${WORKDIR}/git"
>
> inherit java-library
>
> @@ -18,7 +20,4 @@ do_compile() {
> fastjar cf ${JARFILENAME} -C build .
> }
>
> -SRC_URI[md5sum] = "9b91efe1d770e023893f89f4dde8434e"
> -SRC_URI[sha256sum] = "536b5082d64e4f4dddd514ce30178f
> 36c7a31b34d969275f278f72e522e7f7c9"
> -
> BBCLASSEXTEND = "native"
> --
> 2.11.0
>
>
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* [meta-java][PATCHv3] jdepend: Retrieve source from Git rather than tarball
2018-05-08 9:28 ` Burton, Ross
@ 2018-05-08 9:36 ` Mike Crowe
2018-06-11 13:10 ` Mike Crowe
` (2 more replies)
2018-05-16 9:53 ` [meta-java][PATCHv2] " André Draszik
1 sibling, 3 replies; 13+ messages in thread
From: Mike Crowe @ 2018-05-08 9:36 UTC (permalink / raw)
To: openembedded-devel; +Cc: André Draszik, Mike Crowe
When Bitbake downloads jdepend-2.9.1.zip itself and I download
https://github.com/clarkware/jdepend/blob/master/dist/jdepend-2.9.1.zip ,
the calculated hashes don't match the ones included in the recipe.
The hashes were last changed in commit
dd5c43fca8289b8795a9214aee616775e1493109 on 1st March, but GitHub claims
that the file being downloaded was published on 20th January, so I can't
explain why they are wrong. Ross Burton has provided a plausible reason in
http://lists.openembedded.org/pipermail/openembedded-devel/2017-September/114916.html
where he also advocates switching to using Git repositories rather than
GitHub-generated tarballs.
It seems that we can't really rely on these tarballs to remain unchanged,
so let's download the Git hash that corresponds to v2.9.1 instead. This
should always remain valid.
Cc: André Draszik <andre.draszik@jci.com>
Cc: Khem Raj <raj.khem@gmail.com>
Cc: Ross Burton <ross.burton@intel.com>
Signed-off-by: Mike Crowe <mac@mcrowe.com>
---
recipes-core/jdepend/jdepend_2.9.1.bb | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/recipes-core/jdepend/jdepend_2.9.1.bb b/recipes-core/jdepend/jdepend_2.9.1.bb
index 5f09a8b..dfbf493 100644
--- a/recipes-core/jdepend/jdepend_2.9.1.bb
+++ b/recipes-core/jdepend/jdepend_2.9.1.bb
@@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f5777d32a7709d558c2877d4a6616230"
HOMEPAGE = "https://github.com/clarkware/jdepend"
-SRC_URI = "https://github.com/clarkware/jdepend/archive/${PV}.zip;downloadfilename=${BP}.zip"
+SRC_URI = "git://github.com/clarkware/jdepend"
+SRCREV = "57980590313a5dbde236a3eb2c8958e9e53e6a10"
+S = "${WORKDIR}/git"
inherit java-library
@@ -18,7 +20,4 @@ do_compile() {
fastjar cf ${JARFILENAME} -C build .
}
-SRC_URI[md5sum] = "9b91efe1d770e023893f89f4dde8434e"
-SRC_URI[sha256sum] = "536b5082d64e4f4dddd514ce30178f36c7a31b34d969275f278f72e522e7f7c9"
-
BBCLASSEXTEND = "native"
--
2.11.0
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [meta-java][PATCH] jdepend: Update download hashes
2018-05-03 9:43 [meta-java][PATCH] jdepend: Update download hashes Mike Crowe
2018-05-03 23:06 ` Khem Raj
2018-05-04 18:37 ` [meta-java][PATCHv2] jdepend: Retrieve source from Git rather than tarball Mike Crowe
@ 2018-05-16 9:29 ` André Draszik
2 siblings, 0 replies; 13+ messages in thread
From: André Draszik @ 2018-05-16 9:29 UTC (permalink / raw)
To: openembedded-devel
While I realise that you sent a v2 and v3, as another interesting point I
still (today / right now) get files with the hashes as they are in the
recipe before you touched the recipe (when downloading manually using wget).
Cheers,
Andre'
On Thu, 2018-05-03 at 10:43 +0100, Mike Crowe wrote:
> When Bitbake downloads jdepend-2.9.1.zip itself and I download
> https://github.com/clarkware/jdepend/blob/master/dist/jdepend-2.9.1.zip ,
> the calculated hashes don't match the ones included in the recipe.
>
> The hashes were last changed in commit
> dd5c43fca8289b8795a9214aee616775e1493109 on 1st March, but GitHub claims
> that the file being downloaded was published on 20th January, so I can't
> explain why they are wrong.
>
> Nevertheless, let's update the recipe to use hashes that match the current
> download.
>
> Signed-off-by: Mike Crowe <mac@mcrowe.com>
> Cc: André Draszik <andre.draszik@jci.com>
> ---
> recipes-core/jdepend/jdepend_2.9.1.bb | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/recipes-core/jdepend/jdepend_2.9.1.bb b/recipes-
> core/jdepend/jdepend_2.9.1.bb
> index 5f09a8b..a924f1d 100644
> --- a/recipes-core/jdepend/jdepend_2.9.1.bb
> +++ b/recipes-core/jdepend/jdepend_2.9.1.bb
> @@ -18,7 +18,7 @@ do_compile() {
> fastjar cf ${JARFILENAME} -C build .
> }
>
> -SRC_URI[md5sum] = "9b91efe1d770e023893f89f4dde8434e"
> -SRC_URI[sha256sum] =
> "536b5082d64e4f4dddd514ce30178f36c7a31b34d969275f278f72e522e7f7c9"
> +SRC_URI[md5sum] = "0cbaf43493cd30838bee261f69e76fe9"
> +SRC_URI[sha256sum] =
> "b9f34236aaea5ddc070caa29794d2f5ae79bc12e199bec6ebba6c29093a17a9e"
>
> BBCLASSEXTEND = "native"
> --
> 2.11.0
>
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [meta-java][PATCHv2] jdepend: Retrieve source from Git rather than tarball
2018-05-08 9:28 ` Burton, Ross
2018-05-08 9:36 ` [meta-java][PATCHv3] " Mike Crowe
@ 2018-05-16 9:53 ` André Draszik
2018-05-16 10:52 ` Burton, Ross
1 sibling, 1 reply; 13+ messages in thread
From: André Draszik @ 2018-05-16 9:53 UTC (permalink / raw)
To: Burton, Ross; +Cc: OpenEmbedded Devel List, Mike Crowe
Would it be useful to add a check to patchreview.py (or elsewhere?) to
reject patches that contain references to github archive URLs in the recipe?
Cheers,
Andre'
On Tue, 2018-05-08 at 10:28 +0100, Burton, Ross wrote:
> http://lists.openembedded.org/pipermail/openembedded-devel/2017-September/
> 114916.html,
> fwiw
>
> Ross
>
> On 4 May 2018 at 19:37, Mike Crowe <mac@mcrowe.com> wrote:
>
> > When Bitbake downloads jdepend-2.9.1.zip itself and I download
> > https://github.com/clarkware/jdepend/blob/master/dist/jdepend-2.9.1.zip
> > ,
> > the calculated hashes don't match the ones included in the recipe.
> >
> > The hashes were last changed in commit
> > dd5c43fca8289b8795a9214aee616775e1493109 on 1st March, but GitHub claims
> > that the file being downloaded was published on 20th January, so I can't
> > explain why they are wrong.
> >
> > It seems that we can't really rely on these tarballs to remain
> > unchanged,
> > so let's download the Git hash that corresponds to v2.9.1 instead. This
> > should always remain valid.
> >
> > Cc: André Draszik <andre.draszik@jci.com>
> > Cc: Khem Raj <raj.khem@gmail.com>
> > Signed-off-by: Mike Crowe <mac@mcrowe.com>
> > ---
> > recipes-core/jdepend/jdepend_2.9.1.bb | 7 +++----
> > 1 file changed, 3 insertions(+), 4 deletions(-)
> >
> > I'll let whoever wants to merge this decide whether to take v1 with
> > the updated hashes or v2 using the Git repository.
> >
> > diff --git a/recipes-core/jdepend/jdepend_2.9.1.bb b/recipes-
> > core/jdepend/
> > jdepend_2.9.1.bb
> > index 5f09a8b..dfbf493 100644
> > --- a/recipes-core/jdepend/jdepend_2.9.1.bb
> > +++ b/recipes-core/jdepend/jdepend_2.9.1.bb
> > @@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=
> > f5777d32a7709d558c2877d4a6616230"
> >
> > HOMEPAGE = "https://github.com/clarkware/jdepend"
> >
> > -SRC_URI = "https://github.com/clarkware/jdepend/archive/${PV}.zip;
> > downloadfilename=${BP}.zip"
> > +SRC_URI = "git://github.com/clarkware/jdepend"
> > +SRCREV = "57980590313a5dbde236a3eb2c8958e9e53e6a10"
> > +S = "${WORKDIR}/git"
> >
> > inherit java-library
> >
> > @@ -18,7 +20,4 @@ do_compile() {
> > fastjar cf ${JARFILENAME} -C build .
> > }
> >
> > -SRC_URI[md5sum] = "9b91efe1d770e023893f89f4dde8434e"
> > -SRC_URI[sha256sum] = "536b5082d64e4f4dddd514ce30178f
> > 36c7a31b34d969275f278f72e522e7f7c9"
> > -
> > BBCLASSEXTEND = "native"
> > --
> > 2.11.0
> >
> >
> > --
> > _______________________________________________
> > Openembedded-devel mailing list
> > Openembedded-devel@lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> >
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [meta-java][PATCHv2] jdepend: Retrieve source from Git rather than tarball
2018-05-16 9:53 ` [meta-java][PATCHv2] " André Draszik
@ 2018-05-16 10:52 ` Burton, Ross
2018-05-16 10:56 ` Burton, Ross
0 siblings, 1 reply; 13+ messages in thread
From: Burton, Ross @ 2018-05-16 10:52 UTC (permalink / raw)
To: André Draszik; +Cc: OpenEmbedded Devel List, Mike Crowe
On 16 May 2018 at 10:53, André Draszik <git@andred.net> wrote:
> Would it be useful to add a check to patchreview.py (or elsewhere?) to
> reject patches that contain references to github archive URLs in the recipe?
patchtest. Yes, it would!
Ross
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [meta-java][PATCHv2] jdepend: Retrieve source from Git rather than tarball
2018-05-16 10:52 ` Burton, Ross
@ 2018-05-16 10:56 ` Burton, Ross
0 siblings, 0 replies; 13+ messages in thread
From: Burton, Ross @ 2018-05-16 10:56 UTC (permalink / raw)
To: André Draszik; +Cc: OpenEmbedded Devel List, Mike Crowe
On 16 May 2018 at 11:52, Burton, Ross <ross.burton@intel.com> wrote:
> On 16 May 2018 at 10:53, André Draszik <git@andred.net> wrote:
>> Would it be useful to add a check to patchreview.py (or elsewhere?) to
>> reject patches that contain references to github archive URLs in the recipe?
>
> patchtest. Yes, it would!
Bug files: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12752
If anyone wants to explore patchtest, this is a good starting point.
Ross
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [meta-java][PATCHv3] jdepend: Retrieve source from Git rather than tarball
2018-05-08 9:36 ` [meta-java][PATCHv3] " Mike Crowe
@ 2018-06-11 13:10 ` Mike Crowe
2018-06-12 9:21 ` Richard Leitner
2018-06-12 19:46 ` Richard Leitner
2 siblings, 0 replies; 13+ messages in thread
From: Mike Crowe @ 2018-06-11 13:10 UTC (permalink / raw)
To: openembedded-devel; +Cc: André Draszik
The change below doesn't seem to have been merged. Is there anything else
that I need to do?
Thanks.
Mike.
On Tuesday 08 May 2018 at 10:36:31 +0100, Mike Crowe wrote:
> When Bitbake downloads jdepend-2.9.1.zip itself and I download
> https://github.com/clarkware/jdepend/blob/master/dist/jdepend-2.9.1.zip ,
> the calculated hashes don't match the ones included in the recipe.
>
> The hashes were last changed in commit
> dd5c43fca8289b8795a9214aee616775e1493109 on 1st March, but GitHub claims
> that the file being downloaded was published on 20th January, so I can't
> explain why they are wrong. Ross Burton has provided a plausible reason in
> http://lists.openembedded.org/pipermail/openembedded-devel/2017-September/114916.html
> where he also advocates switching to using Git repositories rather than
> GitHub-generated tarballs.
>
> It seems that we can't really rely on these tarballs to remain unchanged,
> so let's download the Git hash that corresponds to v2.9.1 instead. This
> should always remain valid.
>
> Cc: André Draszik <andre.draszik@jci.com>
> Cc: Khem Raj <raj.khem@gmail.com>
> Cc: Ross Burton <ross.burton@intel.com>
> Signed-off-by: Mike Crowe <mac@mcrowe.com>
> ---
> recipes-core/jdepend/jdepend_2.9.1.bb | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/recipes-core/jdepend/jdepend_2.9.1.bb b/recipes-core/jdepend/jdepend_2.9.1.bb
> index 5f09a8b..dfbf493 100644
> --- a/recipes-core/jdepend/jdepend_2.9.1.bb
> +++ b/recipes-core/jdepend/jdepend_2.9.1.bb
> @@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f5777d32a7709d558c2877d4a6616230"
>
> HOMEPAGE = "https://github.com/clarkware/jdepend"
>
> -SRC_URI = "https://github.com/clarkware/jdepend/archive/${PV}.zip;downloadfilename=${BP}.zip"
> +SRC_URI = "git://github.com/clarkware/jdepend"
> +SRCREV = "57980590313a5dbde236a3eb2c8958e9e53e6a10"
> +S = "${WORKDIR}/git"
>
> inherit java-library
>
> @@ -18,7 +20,4 @@ do_compile() {
> fastjar cf ${JARFILENAME} -C build .
> }
>
> -SRC_URI[md5sum] = "9b91efe1d770e023893f89f4dde8434e"
> -SRC_URI[sha256sum] = "536b5082d64e4f4dddd514ce30178f36c7a31b34d969275f278f72e522e7f7c9"
> -
> BBCLASSEXTEND = "native"
> --
> 2.11.0
>
>
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [meta-java][PATCHv3] jdepend: Retrieve source from Git rather than tarball
2018-05-08 9:36 ` [meta-java][PATCHv3] " Mike Crowe
2018-06-11 13:10 ` Mike Crowe
@ 2018-06-12 9:21 ` Richard Leitner
2018-06-12 19:46 ` Richard Leitner
2 siblings, 0 replies; 13+ messages in thread
From: Richard Leitner @ 2018-06-12 9:21 UTC (permalink / raw)
To: openembedded-devel
Hi,
although the old checksum matches with the current github archive for me
please feel free to add:
Reviewed-by: Richard Leitner <richard.leitner@skidata.com>
and
Tested-by: Richard Leitner <richard.leitner@skidata.com>
regards;Richard.L
On 05/08/2018 11:36 AM, Mike Crowe wrote:
> When Bitbake downloads jdepend-2.9.1.zip itself and I download
> https://github.com/clarkware/jdepend/blob/master/dist/jdepend-2.9.1.zip ,
> the calculated hashes don't match the ones included in the recipe.
>
> The hashes were last changed in commit
> dd5c43fca8289b8795a9214aee616775e1493109 on 1st March, but GitHub claims
> that the file being downloaded was published on 20th January, so I can't
> explain why they are wrong. Ross Burton has provided a plausible reason in
> http://lists.openembedded.org/pipermail/openembedded-devel/2017-September/114916.html
> where he also advocates switching to using Git repositories rather than
> GitHub-generated tarballs.
>
> It seems that we can't really rely on these tarballs to remain unchanged,
> so let's download the Git hash that corresponds to v2.9.1 instead. This
> should always remain valid.
>
> Cc: André Draszik <andre.draszik@jci.com>
> Cc: Khem Raj <raj.khem@gmail.com>
> Cc: Ross Burton <ross.burton@intel.com>
> Signed-off-by: Mike Crowe <mac@mcrowe.com>
> ---
> recipes-core/jdepend/jdepend_2.9.1.bb | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/recipes-core/jdepend/jdepend_2.9.1.bb b/recipes-core/jdepend/jdepend_2.9.1.bb
> index 5f09a8b..dfbf493 100644
> --- a/recipes-core/jdepend/jdepend_2.9.1.bb
> +++ b/recipes-core/jdepend/jdepend_2.9.1.bb
> @@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f5777d32a7709d558c2877d4a6616230"
>
> HOMEPAGE = "https://github.com/clarkware/jdepend"
>
> -SRC_URI = "https://github.com/clarkware/jdepend/archive/${PV}.zip;downloadfilename=${BP}.zip"
> +SRC_URI = "git://github.com/clarkware/jdepend"
> +SRCREV = "57980590313a5dbde236a3eb2c8958e9e53e6a10"
> +S = "${WORKDIR}/git"
>
> inherit java-library
>
> @@ -18,7 +20,4 @@ do_compile() {
> fastjar cf ${JARFILENAME} -C build .
> }
>
> -SRC_URI[md5sum] = "9b91efe1d770e023893f89f4dde8434e"
> -SRC_URI[sha256sum] = "536b5082d64e4f4dddd514ce30178f36c7a31b34d969275f278f72e522e7f7c9"
> -
> BBCLASSEXTEND = "native"
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [meta-java][PATCHv3] jdepend: Retrieve source from Git rather than tarball
2018-05-08 9:36 ` [meta-java][PATCHv3] " Mike Crowe
2018-06-11 13:10 ` Mike Crowe
2018-06-12 9:21 ` Richard Leitner
@ 2018-06-12 19:46 ` Richard Leitner
2 siblings, 0 replies; 13+ messages in thread
From: Richard Leitner @ 2018-06-12 19:46 UTC (permalink / raw)
To: Mike Crowe; +Cc: openembedded-devel
Hi,
this is a note to let you know that I've just added this patch to the
master-next branch of the meta-java repository at
git://git.yoctoproject.org/meta-java
As soon as it has gone through some more testing it will likely be
merged to the master branch.
If you have any questions, please let me know.
regards;Richard.L
On 05/08/2018 11:36 AM, Mike Crowe wrote:
> When Bitbake downloads jdepend-2.9.1.zip itself and I download
> https://github.com/clarkware/jdepend/blob/master/dist/jdepend-2.9.1.zip ,
> the calculated hashes don't match the ones included in the recipe.
>
> The hashes were last changed in commit
> dd5c43fca8289b8795a9214aee616775e1493109 on 1st March, but GitHub claims
> that the file being downloaded was published on 20th January, so I can't
> explain why they are wrong. Ross Burton has provided a plausible reason in
> http://lists.openembedded.org/pipermail/openembedded-devel/2017-September/114916.html
> where he also advocates switching to using Git repositories rather than
> GitHub-generated tarballs.
>
> It seems that we can't really rely on these tarballs to remain unchanged,
> so let's download the Git hash that corresponds to v2.9.1 instead. This
> should always remain valid.
>
> Cc: André Draszik <andre.draszik@jci.com>
> Cc: Khem Raj <raj.khem@gmail.com>
> Cc: Ross Burton <ross.burton@intel.com>
> Signed-off-by: Mike Crowe <mac@mcrowe.com>
> ---
> recipes-core/jdepend/jdepend_2.9.1.bb | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/recipes-core/jdepend/jdepend_2.9.1.bb b/recipes-core/jdepend/jdepend_2.9.1.bb
> index 5f09a8b..dfbf493 100644
> --- a/recipes-core/jdepend/jdepend_2.9.1.bb
> +++ b/recipes-core/jdepend/jdepend_2.9.1.bb
> @@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f5777d32a7709d558c2877d4a6616230"
>
> HOMEPAGE = "https://github.com/clarkware/jdepend"
>
> -SRC_URI = "https://github.com/clarkware/jdepend/archive/${PV}.zip;downloadfilename=${BP}.zip"
> +SRC_URI = "git://github.com/clarkware/jdepend"
> +SRCREV = "57980590313a5dbde236a3eb2c8958e9e53e6a10"
> +S = "${WORKDIR}/git"
>
> inherit java-library
>
> @@ -18,7 +20,4 @@ do_compile() {
> fastjar cf ${JARFILENAME} -C build .
> }
>
> -SRC_URI[md5sum] = "9b91efe1d770e023893f89f4dde8434e"
> -SRC_URI[sha256sum] = "536b5082d64e4f4dddd514ce30178f36c7a31b34d969275f278f72e522e7f7c9"
> -
> BBCLASSEXTEND = "native"
>
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2018-06-12 19:46 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-03 9:43 [meta-java][PATCH] jdepend: Update download hashes Mike Crowe
2018-05-03 23:06 ` Khem Raj
2018-05-04 18:37 ` [meta-java][PATCHv2] jdepend: Retrieve source from Git rather than tarball Mike Crowe
2018-05-04 19:34 ` Khem Raj
2018-05-08 9:28 ` Burton, Ross
2018-05-08 9:36 ` [meta-java][PATCHv3] " Mike Crowe
2018-06-11 13:10 ` Mike Crowe
2018-06-12 9:21 ` Richard Leitner
2018-06-12 19:46 ` Richard Leitner
2018-05-16 9:53 ` [meta-java][PATCHv2] " André Draszik
2018-05-16 10:52 ` Burton, Ross
2018-05-16 10:56 ` Burton, Ross
2018-05-16 9:29 ` [meta-java][PATCH] jdepend: Update download hashes André Draszik
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.