[meta-virtualization] [[meta-openstack][PATCH] python-dogpile: core: update SRC_URI* sums
Bruce Ashfield
bruce.ashfield at gmail.com
Sun Feb 9 20:28:00 PST 2014
On Fri, Feb 7, 2014 at 10:25 PM, Mark Asselstine
<mark.asselstine at windriver.com> wrote:
> On Fri, Feb 7, 2014 at 5:23 PM, Bruce Ashfield <bruce.ashfield at gmail.com> wrote:
>> On Fri, Feb 7, 2014 at 5:03 PM, Paul Eggleton
>> <paul.eggleton at linux.intel.com> wrote:
>>> Hi Mark,
>>>
>>> On Friday 07 February 2014 16:07:33 Mark Asselstine wrote:
>>>> Attempting to build openstack-image-controller I was getting
>>>>
>>>> 'Fetcher failure ... /dogpile.core-0.4.1.tar.gz'. Checksum mismatch!
>>>>
>>>> Update the sums to match the expected values.
>>>
>>> So one of three things happened here:
>>>
>>> 1) The checksum was never right in the first place
>>>
>>> 2) The file upstream has changed "legitimately" (annoying, but sometimes
>>> happens)
>>>
>>> 3) The file upstream has been tampered with
>>>
>>> Are you sure it's not #3?
>>
>> Agreed, we should look closer. I can assure that when I added the support, the
>> checksum matched what's in the recipe:
>>
>> [/home/bruc.../downloads]> ls -alF | grep -w dogpile.core-0.4.1.tar.gz
>> -rw-r--r-- 1 bruce users 99534 Jan 19 2013 dogpile.core-0.4.1.tar.gz
>> -rw-r--r-- 1 bruce users 0 Feb 5 16:56 dogpile.core-0.4.1.tar.gz.done
>> [/home/bruc.../downloads]> md5sum dogpile.core-0.4.1.tar.gz
>> 5f76cce023d505a5375b07e094c3260f dogpile.core-0.4.1.tar.gz
>>
>> So it's either #2 or #3.
>
> It's #2. I had looked quickly before sending the update but you are
> right in that I should have looked more closely and included a note in
> the commit log.
>
> According to here:
> https://pypi.python.org/pypi/dogpile.core
>
> A new upload was provided on 2013-11-15. The md5sum matches what is
> present on the page. Looking at the contents of the tarball there are
> about 5 files modified on that date, all related to the Python Egg.
>
> What I haven't been able to find is any mailing list, bug report etc.
> describing what/why the change. The files modified in the tarball are
> not part of the projects source repo, so no commit logs or other
> breadcrumbs. Do we need anything more definitive than the webpage?
>
> Bruce, do you want an updated commit log with some of this information captured?
Yep, let's put this in the commit log to remove all doubt.
Bruce
>
> Mark
>
>
>
>>
>> Bruce
>>
>>>
>>> Cheers,
>>> Paul
>>>
>>> --
>>>
>>> Paul Eggleton
>>> Intel Open Source Technology Centre
>>> _______________________________________________
>>> meta-virtualization mailing list
>>> meta-virtualization at yoctoproject.org
>>> https://lists.yoctoproject.org/listinfo/meta-virtualization
>>
>>
>>
>> --
>> "Thou shalt not follow the NULL pointer, for chaos and madness await
>> thee at its end"
>> _______________________________________________
>> meta-virtualization mailing list
>> meta-virtualization at yoctoproject.org
>> https://lists.yoctoproject.org/listinfo/meta-virtualization
--
"Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end"
More information about the meta-virtualization
mailing list