-
-
Notifications
You must be signed in to change notification settings - Fork 12.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
faircamp: fix source archive sha256 #160655
Conversation
Faircamp is built from a Codeberg tag source archive. For unknown reasons, the sha of the 0.11.0 archive changed recently: https://post.lurk.org/@freebliss/111796021611406917 This commit resets the sha to that of the currently available source archive. This seems, for now, to be stable. It can be verified as follows: curl https://codeberg.org/simonrepp/faircamp/archive/0.11.0.tar.gz | shasum -a 256 -
Thanks for contributing to Homebrew! 🎉 It looks like you're having trouble with a CI failure. See our contribution guide for help. You may be most interested in the section on dealing with CI failures. You can find the CI logs in the Checks tab of your pull request. |
The test failures seem expected:
Can anyone advise as to how to proceed? This thread with the upstream maintainer explains the situation and intended remediation actions. |
Faircamp maintainer here, I ran dozens of checks yesterday to confirm that malicious circumstances for the sha256 change can be pretty much ruled out. The hash change occured with very high probability due to a change in how the tarball is generated/compressed through forgejo at codeberg - this reflects similar incidents at gitea (go-gitea/gitea#26620) and even github (https://github.com/orgs/community/discussions/45830) last year. Going forward with future releases we will probably have manually uploaded source tarballs to ensure checksum stability, but until then it would be great if installability of faircamp via brew was restored by approving the hash change. Thanks for your time and efforts! |
@themissingcow yeah, it is fine, you can ignore that bot message. @simonrepp thanks for confirming the re-tagging. |
Faircamp is built from a Codeberg tag source archive. For unknown reasons, the sha of the 0.11.0 archive changed recently:
https://post.lurk.org/@freebliss/111796021611406917
This commit resets the sha to that of the currently available source archive. This seems, for now, to be stable. It can be verified as follows:
curl https://codeberg.org/simonrepp/faircamp/archive/0.11.0.tar.gz | shasum -a 256 -
I wasn't sure whether the
bottle do
section needed updating, as this wasn't a version bump (the existing bottles are valid), so have left them as-is for now.HOMEBREW_NO_INSTALL_FROM_API=1 brew install --build-from-source <formula>
, where<formula>
is the name of the formula you're submitting?brew test <formula>
, where<formula>
is the name of the formula you're submitting?brew audit --strict <formula>
(after doingHOMEBREW_NO_INSTALL_FROM_API=1 brew install --build-from-source <formula>
)? If this is a new formula, does it passbrew audit --new <formula>
?