[oe] [PATCH] wrong checksum for libsdl-mixer-1.2.9

Martin Jansa martin.jansa at gmail.com
Sat Nov 21 18:30:54 UTC 2009 

On Sat, Nov 21, 2009 at 07:07:45PM +0100, Frans Meulenbroeks wrote:
> 2009/11/21 Bernhard Kaindl <bernhard.kaindl at gmx.net>:
> > Hi,
> >   indeed, the SDL_mixer-1.2.9.tar.gz has changed on
> > http://www.libsdl.org/projects/SDL_net/release,
> > so conf/checksums.ini is outdated, as it stands, and has to be updated:
> >
> > Signed-off-by: Bernhard Kaindl <bernhard.kaindl at gmx.net>
> >
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/conf/checksums.ini b/conf/checksums.ini
> > index 784a092..e1aac1f 100644
> > --- a/conf/checksums.ini
> > +++ b/conf/checksums.ini
> > @@ -1099,8 +1099,8 @@ md5=0b5b91015d0f3bd9597e094ba67c4d65
> >  sha256=a8222a274778ff16d0e3ee49a30db27a48a4d357169a915fc599a764e405e0b6
> >
> >  [http://www.libsdl.org/projects/SDL_mixer/release/SDL_mixer-1.2.9.tar.gz]
> > -md5=a9eb8750e920829ff41dbe7555850156
> > -sha256=557910a4a3aeed6d10238e26b5a39b19247115a1b352580082bb15dc02ae4b8d
> > +md5=09eb4585f46d3527fe7fce8af8f9e591
> > +sha256=7216a89d92327d2f0fe03e78f3c758a52be68c29daf8e971c226f4a3191e9ec0
> >
> >  [http://www.libsdl.org/projects/SDL_net/release/SDL_net-1.2.5.tar.gz]
> >  md5=e45b1048d2747480dcc65ece4130a920
> >
> > Philip Balister schrieb:
> >>
> >> On 11/21/2009 01:15 AM, Robert P. J. Day wrote:
> >>>
> >>> On Sat, 21 Nov 2009, GNUtoo wrote:
> >>>>
> >>>> `/home/embedded/sources/SDL_mixer-1.2.9.tar.gz' saved [2690766/2690766]
> >>>>
> >>>> NOTE: The MD5Sums did not match. Wanted:
> >>>> 'a9eb8750e920829ff41dbe7555850156' and Got:
> >>>> '09eb4585f46d3527fe7fce8af8f9e591'
> >>>
> >>>   that second checksum is, in fact, the correct one for that tarball.
> >>> and the sha256sum in conf/checksums.ini also doesn't match the one for
> >>> that tarball.  if that used to be correct, does that mean someone has
> >>> replaced a tarball with a different but identically-named one?
> 
> Before committing this patch I would suggest comparing the new and the
> old version to find out what is actually causing this and what has
> been changed.
> If we just blindly change checksums we might as well abandon them.
> Also note that a change of the checksum means that everyone who has
> the file in his/her download dir will get a checksum error.
> 
> For now a nack from me.
> 
> As this already happened before recently (perl twig) I suggest we
> adapt a policy for this or maybe some automated removal (e.g. if you
> have a file in your downloads dir with a checksum in blacklist.ini
> that version is not used but removed or parked aside or something like
> that).
> 
> Frans

As Bernhard probably hasn't old archive I tried it here

/home/downloads/OE/SDL_mixer-1.2.9 $ ls -lR > lslR.txt
/home/downloads/OE/SDL_mixer-1.2.9 $ cd ../SDL_mixer-1.2.9.new/
/home/downloads/OE/SDL_mixer-1.2.9.new $ ls -lR > lslR.txt
/home/downloads/OE/SDL_mixer-1.2.9.new $ cd ..

/home/downloads/OE $ diff -rq SDL_mixer-1.2.9 SDL_mixer-1.2.9.new/
Files SDL_mixer-1.2.9/lslR.txt and SDL_mixer-1.2.9.new/lslR.txt differ

/home/downloads/OE $ diff -r SDL_mixer-1.2.9 SDL_mixer-1.2.9.new/
All file rights are the same only dates changed from Oct 13 to Nov 7

So it looks safe.

martin at jama /home/downloads/OE $ md5sum SDL_mixer-1.2.9.tar.gz;
sha256sum SDL_mixer-1.2.9.tar.gz
a9eb8750e920829ff41dbe7555850156  SDL_mixer-1.2.9.tar.gz
557910a4a3aeed6d10238e26b5a39b19247115a1b352580082bb15dc02ae4b8d
SDL_mixer-1.2.9.tar.gz
martin at jama /home/downloads/OE $ md5sum SDL_mixer-1.2.9-new.tar.gz;
sha256sum SDL_mixer-1.2.9-new.tar.gz
09eb4585f46d3527fe7fce8af8f9e591  SDL_mixer-1.2.9-new.tar.gz
7216a89d92327d2f0fe03e78f3c758a52be68c29daf8e971c226f4a3191e9ec0
SDL_mixer-1.2.9-new.tar.gz

Acked-by: Martin Jansa <Martin.Jansa at gmail.com>

-- 
uin:136542059                jid:Martin.Jansa at gmail.com
Jansa Martin                 sip:jamasip at voip.wengo.fr 
JaMa

More information about the Openembedded-devel mailing list