[arch-dev-public] git packages and checksums
Gaetan Bisson
bisson at archlinux.org
Sat Jul 18 23:10:29 UTC 2015
[2015-07-18 15:13:43 -0700] Anatol Pomozov:
> On Sat, Jul 18, 2015 at 1:04 PM, Gaetan Bisson <bisson at archlinux.org> wrote:
> > Instead I suggest we use the full commit hash. In the example above,
> > that'd become something like:
> >
> > _commit=9a50ce20ef60263a6c88c29470ce761fcc424f2d
> > source=("git://github.com/systemd/systemd.git#commit=$_commit")
> > md5sums=('SKIP')
>
> Would it be better to improve *sums=() function to work with
> directories? This will also help svn/hg based packages.
>
> A simple solution is to tar whole directory and then calculate the checksum:
>
> tar -c $DIR | md5sum
This involves file attributes, so it seems the md5sum would change any
time you do a new `git clone` even if no actual content has changed.
Also I think the commit hash is an intrinsically better value because it
is explicitly published by upstream. Just as checksums are (or should
be) published next to release tarballs.
Cheers.
--
Gaetan
More information about the arch-dev-public
mailing list