Summary: | GitLab doesn't seem to require GL_COMMIT any more | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Yuri Victorovich <yuri> |
Component: | Ports Framework | Assignee: | Port Management Team <portmgr> |
Status: | Closed DUPLICATE | ||
Severity: | Affects Only Me | CC: | dave, jbeich, ports-bugs, saper, tcberner |
Priority: | --- | ||
Version: | Latest | ||
Hardware: | Any | ||
OS: | Any |
Looks like ${GL_COMMIT} is stripped if archive name matches ${GH_PROJECT}-${GH_TAGNAME} e.g., $ fetch https://code.videolan.org/videolan/dav1d/-/archive/0.5.1/dav1d-0.5.1.tar.gz $ tar tvf dav1d-0.5.1.tar.gz drwxrwxr-x 0 root root 0 Oct 25 19:38 dav1d-0.5.1/ $ fetch https://code.videolan.org/videolan/dav1d/-/archive/0.5.1/0.5.1.tar.gz $ tar tvf 0.5.1.tar.gz | head -1 drwxrwxr-x 0 root root 0 Oct 25 19:38 dav1d-0.5.1-bb160f09fa7ad132f4b6a014ac8e168b913ee3ab/ $ fetch https://code.videolan.org/videolan/dav1d/-/archive/bb160f0/dav1d-bb160f0.tar.gz $ tar tvf dav1d-bb160f0.tar.gz | head -1 drwxrwxr-x 0 root root 0 Oct 25 19:38 dav1d-bb160f0/ $ fetch https://code.videolan.org/videolan/dav1d/-/archive/0.5.1/foo.tar.gz $ tar tvf foo.tar.gz drwxrwxr-x 0 root root 0 Oct 25 19:38 dav1d-0.5.1-bb160f09fa7ad132f4b6a014ac8e168b913ee3ab/ $ fetch https://code.videolan.org/videolan/dav1d/-/archive/bb160f0/bar.tar.gz $ tar tvf bar.tar.gz drwxrwxr-x 0 root root 0 Oct 25 19:38 dav1d-bb160f0-bb160f09fa7ad132f4b6a014ac8e168b913ee3ab/ $ fetch -o qux.tar.gz https://code.videolan.org/videolan/dav1d/-/archive/bb160f0/dav1d-0.5.1.tar.gz $ tar tvf qux.tar.gz drwxrwxr-x 0 root root 0 Oct 25 19:38 dav1d-bb160f0-bb160f09fa7ad132f4b6a014ac8e168b913ee3ab/ https://gitlab.com doesn't accept URLs with hashes as the FreeBSD framework constructs them, and ports become unfetchable. But other GitLab installations work as before and do accept hashes. Poking around at Gitlab's website, I find that this works to download a tarball of an arbitrary commit: https://gitlab.com/${GL_ACCOUNT}/${PORTNAME}/-/archive/${GL_COMMIT}/${PORTNAME}-${GL_COMMIT}.tar.gz You can substitute ${PORTVERSION} for ${GL_COMMIT} in the above URL and it also works. The file size for a downloaded tarball using ${PORTVERSION} differs from the same tarball (contents anyways) obtained by using ${GL_COMMIT}. This difference in file sizes is causing me some confusion because the file deposited in /usr/ports/distfiles has a different filesize from what I get by using git-archive(1) or what NetBSD downloads for use with pkgsrc. I'm not sure how relevant this is, but I was pointed to this bug from https://lists.freebsd.org/pipermail/freebsd-ports/2020-March/118073.html David - I have tried to fetch three URLs: https://gitlab.com/DavidGriffith/frotz/-/archive/2.51/frotz-2.51.tar.gz https://gitlab.com/DavidGriffith/frotz/-/archive/73eec90ebb159ed687b74cbaf81e135c3e7e390b/frotz-73eec90ebb159ed687b74cbaf81e135c3e7e390b.tar.gz https://gitlab.com/DavidGriffith/frotz/-/archive/73eec90ebb159ed687b74cbaf81e135c3e7e390b/frotz.tar.gz I get two different files: SHA1 (frotz-2.51.tar.gz) = 54aa50d36b6ae402d063c0fb64e990e50557ed1e SHA1 (frotz-73eec90ebb159ed687b74cbaf81e135c3e7e390b.tar.gz) = 07620780e46fc23160f60c4f0b7e0a4edaad4e7e SHA1 (frotz.tar.gz) = 07620780e46fc23160f60c4f0b7e0a4edaad4e7e The difference is in the directory name: for i in frotz*.tar.gz; do echo -n "$i "; tar tf "$i" | grep 'frotz-[^/]*/$'; done frotz-2.51.tar.gz frotz-2.51/ frotz-73eec90ebb159ed687b74cbaf81e135c3e7e390b.tar.gz frotz-73eec90ebb159ed687b74cbaf81e135c3e7e390b/ frotz.tar.gz frotz-73eec90ebb159ed687b74cbaf81e135c3e7e390b/ Asking for a branch name (like "master") will cause the directory to be named like this: frotz-master-cfa5a316f3acd0aad9828d2d49c82710ccae0cf9/ Therefore the sizes and the hashes have to be different... GL_COMMIT blocks portscout version probing, exacerbated by https://gitlab.com/gitlab-org/gitlab/-/issues/267523 Currently, the only way to detect new versions on GitLab-hosted projects is via Repology or out-of-band (*-announce@ list, IRC, Twitter, Reddit, etc). This makes it easy to miss security/stability releases by maintainers with many ports (out-of-band doesn't scale for >100 ports due to noise). *** This bug has been marked as a duplicate of bug 248967 *** This one is older than bug 248967 and comment 3 here provides a partial fix. Once GL_COMMIT accepts non-full hash (abbreviated or refname) it'd be similar to GH_TAGNAME (in USE_GITHUB). Obviously, a proper fix would require a tree-wide cleanup (sweeping change) or a transitional period when GL_COMMIT is either missing or not equal to 40 hexadecimal digits. |
The framework prints: GL_COMMIT is a required 40 character hash for use USE_GITLAB But the tarball URL doesn't contain commit any more. Now > MASTER_SITES=https://gitlab.com/${PORTNAME}/${PORTNAME}/-/archive/${DISTVERSIONFULL}/ is sufficient. Testcase: port audio/zrythm