Snapshots mtime breaks digests
Adrian C.
anrxc at sysphere.org
Fri Apr 27 04:14:16 CEST 2012
Hello, GNU/Linux distributions are trying to package my little software
by grabbing the Cgit auto generated tarball of the latest release but
their build systems use md5sum or sha1sum which then complain the hash
no longer matches the official release.
I use cgit release 0.9.0.2 with Lighttpd frontend and snapshots enabled
on http://git.sysphere.org I presume the mtime changes when the original
tarball expires from the Cgit cache and I didn't find anything in the
cgitrc manual so far.
Anyone knows of a workaround I can apply to keep these folks happy?
Thanks.
Here's the disection of what happens:
$ diff -u <(hd vicious-2.0.4.tar.gz) <(hd vicious-2.0.4\ \(1\).tar.gz)
--- /proc/self/fd/11 2012-04-18 21:52:54.970674733 +0200
+++ /proc/self/fd/12 2012-04-18 21:52:54.970674733 +0200
@@ -1,4 +1,4 @@
-00000000 1f 8b 08 00 f8 e8 8d 4f 00 03 ec 7d 59 8f dc 48 |.......O...}Y..H|
+00000000 1f 8b 08 00 d6 1a 8f 4f 00 03 ec 7d 59 8f dc 48 |.......O...}Y..H|
00000010 92 e6 bc 8e ff 0a 87 5e 24 61 42 91 bc 0f 15 06 |.......^$aB.....|
00000020 8b 2c 29 55 95 33 ba 20 a9 b6 a6 31 68 14 9c 74 |.,)U.3. ...1h..t|
00000030 67 24 3b 23 c8 68 1e 4a 45 3f ec 6f 5f 3b dc 49 |g$;#.h.JE?.o_;.I|
Tarballs are the same:
$ gunzip vicious-2.0.4.tar.gz
$ gunzip vicious-2.0.4\ \(1\).tar.gz
$ md5sum vicious-2.0.4*
2f83e422d99e67099fbeab8cb4314f69 vicious-2.0.4 (1).tar
2f83e422d99e67099fbeab8cb4314f69 vicious-2.0.4.tar
As defined here[1], byte which change are mtime field.
[1]: http://tools.ietf.org/html/rfc1952#page-5
--
Adrian C. (anrxc) | anrxc..sysphere.org | PGP ID: D20A0618
PGP FP: 02A5 628A D8EE 2A93 996E 929F D5CB 31B7 D20A 0618
More information about the CGit
mailing list