Comments (13)
chenrui333
commented on June 12, 2024
3
The reason we used the tarball from Github is because we thought it was standard procedure. Maybe we are wrong?
yeah, it is the default source code tarball, we just took it for convenience, but if projects have release source tarball rather than the github one, we intend to use them instead of the github default.
Since GitHub my be re-generating the tar.gz to save space, and since GitHub has never guaranteed checksum stability (even if it seems like it has been taken for granted, but actually seldomly has changed).
but like what @ZhongRuoyu found in Homebrew/homebrew-core#162731 (comment), whenever the metadata change, it would cause some github source tarball change.
There is no official recommendation on this yet, but due to the github tarball stability, I did add a audit making sure the right source tarball being referenced in the formula.
from tkey-ssh-agent.
chenrui333
commented on June 12, 2024
1
Could it be related to renaming of repository?
nope, see this example https://github.com/Homebrew/homebrew-core/pull/157076
from tkey-ssh-agent.
dehanj
commented on June 12, 2024
1
I have filed a support ticket with Github to see if they can help understand the issue.
I don't find we have the same issue as Cog had. AFAIK we don't have a .git_archival.txt or similar. We have also had rebuilds on homebrew on the same tag in August of 2023, four months after the tag was created and the checksum had not changed.
I really cannot find any explanation to this. I will wait and see the response from Github Support. Unless anyone has any other suggestion of what to look into.
from tkey-ssh-agent.
stefanb
commented on June 12, 2024
Could it be related to renaming of repository?
from tkey-ssh-agent.
dehanj
commented on June 12, 2024
This is a mystery! No re-tagging as far as we are aware.
We confirmed before renaming the repository that it should not affect the formula since github redirects.
That is also why we haven't done a PR to homebrew-core just yet.
But thanks for point this out, I will try and see if I can find out why it has changed. Interesting enough the GUI still says the tar.gz was uploaded Mar 27, 2023, so that means it should have been wrong all along?
from tkey-ssh-agent.
dehanj
commented on June 12, 2024
Been digging a bit, cannot find any valid reason for a checksum change.
The tag v0.0.6 is still form Mar 27, 2023 on the same commit: 40f4aec.
So the only reason I can see is that Github does not guarantee checksum stability. Can that be the reason?
Here is some reading on Githubs standpoint.
from tkey-ssh-agent.
chenrui333
commented on June 12, 2024
So the only reason I can see is that Github does not guarantee checksum stability. Can that be the reason?
recently, we found that zrok has the similar checksum stability issue, see openziti/zrok#561
from tkey-ssh-agent.
dehanj
commented on June 12, 2024
Okay, so I cloned a fresh repo, checked out the tag v0.0.6.
Then i downloaded the source code using the url in our formula, uncompressed it.
I compared the two folders using diff -ru tkey-ssh-agent ~/Downloads/tkey-ssh-agent-0.0.6
I get
Only in tkey-ssh-agent: .git
So no difference that is not expected.
I do get this checksum (the same as in the PR)
b0ace3e21b9fc739a05c0049131f7386efa766936576d56c206d3abd0caed668 tkey-ssh-agent-0.0.6.tar.gz
So I guess we can conclude that the new checksum is valid, and the explanation is that Github simply now generates a different checksum. I think we can close this issue now.
from tkey-ssh-agent.
chenrui333
commented on June 12, 2024
So I guess we can conclude that the new checksum is valid, and the explanation is that Github simply now generates a different checksum. I think we can close this issue now.
If you dont mind, can you also report this to github to see if we can get some help on understanding the root cause?
On the similar note, we (homebrew) recently, we had a bit thread on the cog checksum mismatch, which might also help.
from tkey-ssh-agent.
dehanj
commented on June 12, 2024
If you dont mind, can you also report this to github to see if we can get some help on understanding the root cause?
Sure!
On the similar note, we (homebrew) recently, we had a bit thread on the cog checksum mismatch, which might also help.
Great, this might give some insight. Will look it through.
from tkey-ssh-agent.
chenrui333
commented on June 12, 2024
@dehanj another idea, can we upload the source tarball as github asset into each release (in that way, it wont be changed at all)
from tkey-ssh-agent.
dehanj
commented on June 12, 2024
@chenrui333
Sure, that is possible. It won't give any insight to why this happened thou..
The reason we used the tarball from Github is because we thought it was standard procedure. Maybe we are wrong?
This might not be a discussion that should happen in this issue, but I'm curious. What is Homebrew's official recommendation on how to provide the source code to the Formula? Since GitHub my be re-generating the tar.gz to save space, and since GitHub has never guaranteed checksum stability (even if it seems like it has been taken for granted, but actually seldomly has changed).
from tkey-ssh-agent.
dehanj
commented on June 12, 2024
Then we can conclude this is due to the renaming of the repository.
Thanks for the help!
from tkey-ssh-agent.
Related Issues (20)
- LGPL licenses on libraries HOT 2
- Break out device libraries
- Add Windows support to tkey-ssh-agent
- windows: getting "access denied" notification if named pipe already exists HOT 3
- Break out Go packages HOT 4
- Break out device apps HOT 1
- Break out client apps
- Break out ssh-agent HOT 3
- Use with gpg-agent / scdaemon HOT 2
- Question: Why use `RM=/bin/rm` in certain places and not others? HOT 4
- detect os when building to support darwin HOT 1
- Update go-serial to build for darwin HOT 3
- Server use-case with no touch
- Embed tagged signer in tkey-ssh-agent HOT 2
- Use Goreleaser to build releases
- Building MSI package in CI fails HOT 1
- Convert man page to scdoc
- Handle if the socket exists when a service tries to start tkey-ssh-agent
- Linux: Document pinentry and Desktop Notifications HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tkey-ssh-agent.