[Fedora-packaging] Can we allow such URL?
Björn Esser
bjoern.esser at gmail.com
Thu May 30 09:51:55 UTC 2013
Hello Christopher, hello list!
Am Donnerstag, den 30.05.2013, 16:49 +0800 schrieb Christopher Meng:
> On Thu, May 30, 2013 at 3:53 PM, Matthias Runge
> <mrunge at matthias-runge.de> wrote:
> > Does this answer your question now?
>
> Let me speak more clearly.
>
> Now the GitHub SourceURL guidelines[1] said:
>
> "For the source tarball, you should use this syntax:
>
> https://github.com/$OWNER/$PROJECT/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz"
Guidelines are made to tell you the way how things are done, aren't
they? This syntax is the only sane way to have a SOURCE which can be
recreated randomly and verified to be pristine.
> Well, each time I have to %global %{commit} and {shortcommit}, I think
> it's boring.
Doing this bit of copy-paste when altering %{version}, %{release} and
%changelog can't be this hard. You'll need %{commit} during %prep
anyways. Even when using
https://github.com/$OWNER/$PROJECT/archive/%{version}.tar.gz.
Or ask upstream to provide tar.{bz2,xz} downloads somewhere else...
> Now looking at:
>
> https://github.com/$OWNER/$PROJECT/tags
>
> If the author has tagged the release, GitHub will offer each tag with
> 3 links: Zipball URL/ Tarball URL and a link to the commit of this
> tag.
>
> I only discuss tarball, tarball offers this URL:
>
> https://github.com/$OWNER/$PROJECT/archive/%{version}.tar.gz
>
> So my question is that can we use this URL as the Source0 instead of
> the guidelines said?
I'd say "NO WAY", because tags can be created/deleted/altered by anyone
having write-access to the repo. They are NOT explicitly meant to be
created-once-lasts-forever or points-to-same-commit-sha-forever, so
checking the tarball to be pristine might be close to impossible in the
future, if the tag will be altered pointing to an other commit or be
deleted. This may lead to FTBFS as well. An URL like this also _WILL_
lead to conflicting names of source-tarballs, because it's only named to
the version and not to the app's name. Don't forget the naming
guidelines: "When naming a package, the name should match the upstream
tarball or project..."
https://fedoraproject.org/wiki/Packaging:NamingGuidelines?rd=Packaging/NamingGuidelines#General_Naming
So using the URL from the guidelines all will be fine, because it will
create a tarball named containing the projectname, version and the
definitive unique and forever-lasting commit-sha...
> Thanks.
You're welcome!
> [1]----https://fedoraproject.org/wiki/Packaging:SourceURL#Github
Cheers,
Björn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: This is a digitally signed message part
URL: <http://lists.fedoraproject.org/pipermail/packaging/attachments/20130530/0adb35cf/attachment.sig>
More information about the packaging
mailing list