[oe] [PATCH] libsamplerate: Fix checksums to match downloaded file

Sean Cross sean at chumby.com
Sun Oct 17 15:45:07 UTC 2010 

On 17-Oct-2010, at 7:22 PM, Frans Meulenbroeks wrote:

> 2010/10/17 Sean Cross <sean at chumby.com>:
>> libsamplerate-0.1.7.tar.gz has changed upstream.  The Angstrom mirror has an old version of the file.  Pulling it from the source, I see that the following two changes have been made without bumping the version:
>> 
>> diff -ur old-libsamplerate-0.1.7/ChangeLog libsamplerate-0.1.7/ChangeLog
>> --- old-libsamplerate-0.1.7/ChangeLog   2009-02-14 11:37:27.000000000 +0000
>> +++ libsamplerate-0.1.7/ChangeLog       2009-02-15 00:17:35.000000000 +0000
>> @@ -11,7 +11,7 @@
>>     This bug has zero security implications beyond the ability to cause a
>>     program hitting this bug to exit immediately with a segfault.
>>     See : http://www.mega-nerd.com/erikd/Blog/2009/Feb/14/index.html
>> -    Thanks to David Cournapeau for the bug report.
>> +    Thanks to David Cournapeau and Lev Givon for the bug report.
>> 
>>     * doc/win32.html Makefile.am configure.ac
>>     Reinstate Win32/MSVC compile instructions.
>> diff -ur old-libsamplerate-0.1.7/Win32/config.h libsamplerate-0.1.7/Win32/config.h
>> --- old-libsamplerate-0.1.7/Win32/config.h      2009-02-14 11:42:49.000000000 +0000
>> +++ libsamplerate-0.1.7/Win32/config.h  2009-02-14 11:46:40.000000000 +0000
>> @@ -190,8 +190,7 @@
>>  #define STDC_HEADERS 1
>> 
>>  /* Version number of package */
>> -<<<<<<< diff from left file
>> -#define VERSION "0.1.4"
>> +#define VERSION "0.1.7"
>> 
>> 
>> 
>> @@ -203,6 +202,3 @@
>>  */
>> 
>>  #define inline __inline
>> -========
>> -#define VERSION "0.1.7"
>> ->>>>>>> diff from right file
>> 
>> 
>> The following patch corrects the checksums for the new version.
>> 
>> ---
>>  recipes/libsamplerate/libsamplerate0_0.1.7.bb |    4 ++--
>>  1 files changed, 2 insertions(+), 2 deletions(-)
>> 
>> diff --git a/recipes/libsamplerate/libsamplerate0_0.1.7.bb b/recipes/libsamplerate/libsamplerate0_0.1.7.bb
>> index 737e934..8b457ba 100644
>> --- a/recipes/libsamplerate/libsamplerate0_0.1.7.bb
>> +++ b/recipes/libsamplerate/libsamplerate0_0.1.7.bb
>> @@ -12,5 +12,5 @@ S = "${WORKDIR}/libsamplerate-${PV}"
>>  inherit autotools pkgconfig
>> 
>> 
>> -SRC_URI[md5sum] = "ad093e60ec44f0a60de8e29983ddbc0f"
>> -SRC_URI[sha256sum] = "e0a646224a0323ac63f56ef009b2d7fee11452a7b8af139b19ae71d2890dbc9c"
>> +SRC_URI[md5sum] = "6731a81cb0c622c483b28c0d7f90867d"
>> +SRC_URI[sha256sum] = "78ed5d9ff1bf162c4a078f6a3e7432a537dd2f22dc58872b081fb01156027fcc"
>> --
>> 1.7.0.4
>> 
> 
> Yuk; changing the contents of a release.
> While I feel this patch is better than nothing (or we need to
> maintain/store our own copy and always use that), I suggest at least a
> PR bump to trigger a rebuild.
> 
> Thinking of it:
> We might need a mechanism that the mirrors also get updated.
> And it would be nice if the system would attempt a reload from the
> source if the version in the downloads dir does not match the
> checksums.
> That way the problem of people having an older copy of the source in
> their downloads dir do get the latest version if upstream changes.
> (we might only do this if the recipe is newer than the copy in
> downloads, just to avoid fetching over and over again).

This actually came about because I'm overriding angstrom-mirrors.bbclass in an overlay to be empty.  I did this largely to prevent passwords from leaking out.  In order to authenticate with the SVN server, I'm putting the username and password as part of the URI, and I believe the URI gets flattened and appended as part of the mirror check.  But as a side effect I'm finding a few problems like this, or packages that are outright missing upstream.

One side effect of this is that the Angstrom mirror has an older version of the file.  Changing the sum and bumping the PR will break builds for Angstrom.  They'll need to re-mirror the file in order to get things working again.


Sean

More information about the Openembedded-devel mailing list