[arch-dev-public] git packages and checksums

Gaetan Bisson bisson at archlinux.org
Sat Jul 18 23:10:29 UTC 2015

[2015-07-18 15:13:43 -0700] Anatol Pomozov:
> On Sat, Jul 18, 2015 at 1:04 PM, Gaetan Bisson <bisson at archlinux.org> wrote:
> > Instead I suggest we use the full commit hash. In the example above,
> > that'd become something like:
> >
> >         _commit=9a50ce20ef60263a6c88c29470ce761fcc424f2d
> >         source=("git://github.com/systemd/systemd.git#commit=$_commit")
> >         md5sums=('SKIP')
> Would it be better to improve *sums=() function to work with
> directories? This will also help svn/hg based packages.
> A simple solution is to tar whole directory and then calculate the checksum:
> tar -c $DIR | md5sum

This involves file attributes, so it seems the md5sum would change any
time you do a new `git clone` even if no actual content has changed.

Also I think the commit hash is an intrinsically better value because it
is explicitly published by upstream. Just as checksums are (or should
be) published next to release tarballs.



More information about the arch-dev-public mailing list