As title says: ===> License AGPLv3 accepted by the user ===> signal-desktop-6.48.1_1 depends on file: /usr/local/sbin/pkg - found => signalapp-Signal-Desktop-6.48.1_GH0.tar.gz is not in /usr/ports/net-im/signal-desktop/distinfo. => Either /usr/ports/net-im/signal-desktop/distinfo is out of date, or => signalapp-Signal-Desktop-6.48.1_GH0.tar.gz is spelled incorrectly. *** Error code 1 Stop. make: stopped in /usr/ports/net-im/signal-desktop To who ever is in charge of signal-desktop updates: Please for the love of all things holy, double check your work. It has now been a routine, without missing a single beat, every damned time there's an update to signal-desktop, a build failure of some sort. The latest 2 (at a bare minimum) have failed due to misspelling the source archive, requiring manual fetching from GitHub, renaming & re-hashing the SHA of the archive to get thing building cleanly. Here it is: signalapp-Signal-Desktop-6.48.1_GH0.tar.gz VERSUS signalapp-Signal-Desktop-v6.48.1_GH0.tar.gz NOTE: the missing "v". In the previous ~12 updates (probably more), it was a rash of distfiles constantly missing from the FreeBSD distribution servers. How is this constantly slipping through the cracks?
From the distinfo file: SHA256 (signalapp-Signal-Desktop-v6.48.1_GH0.tar.gz) = fb3e59e853b16a99dee5db556b45dd19694b9c7f5e2505dcb546957c7c9bd26a SIZE (signalapp-Signal-Desktop-v6.48.1_GH0.tar.gz) = 43063584 NOTE: The "v" letter in the source archive name. It is missing when build starts, during source archive fetch: => signalapp-Signal-Desktop-6.48.1_GH0.tar.gz is spelled incorrectly.
I really do not like the tone of your message. if you think you can do better fell free to maintain signal-desktop.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=69e09cc735909442d1994b8d8d14b8860d7fe3b2 commit 69e09cc735909442d1994b8d8d14b8860d7fe3b2 Author: Mikael Urankar <mikael@FreeBSD.org> AuthorDate: 2024-03-01 10:01:41 +0000 Commit: Mikael Urankar <mikael@FreeBSD.org> CommitDate: 2024-03-01 10:01:41 +0000 net-im/signal-desktop: fix fetch DISTVERSIONPREFIX was mistankenly removed in previous commit PR: 277407 net-im/signal-desktop/Makefile | 1 + 1 file changed, 1 insertion(+)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=9bc326e84268d6122e75a49132413a05f090c402 commit 9bc326e84268d6122e75a49132413a05f090c402 Author: Mikael Urankar <mikael@FreeBSD.org> AuthorDate: 2024-03-01 10:09:16 +0000 Commit: Mikael Urankar <mikael@FreeBSD.org> CommitDate: 2024-03-01 10:09:16 +0000 net-im/signal-desktop: drop maintainership PR: 277407 multimedia/ringrtc/Makefile | 2 +- net-im/libsignal-node/Makefile | 2 +- net-im/signal-desktop/Makefile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-)
Mikael, thank you for all the volunteer time you donated to create and maintain the signal port. It certainly doesn't look like a simple port to maintain, especially with the node dependencies you have to bundle and self-host.
to the reporter, this tone is actually not acceptable at all. the project is volunteer based if you are unhappy give a hand instead of yelling at other, we do expect benevolence from anyone and clearly do not accept such way of interacting with people. Please next time refrain from harsh comment!
(In reply to fgorter from comment #0) Friso, now that the port is unmaintained, would you like to take up the maintainership?
(In reply to Mikael Urankar from comment #2) You may criticize a "harsh tone" all you like, IF and ONLY IF, it was a one-time mistake. This is not by any means AT ALL all a one-time mistake. In the last 10+ updates, there was always something amiss in the update pushed to release. It is extremely disrespectful to the community & the project-at-large if you're going to deliberately & routinely do such work. The fact that I have not mentioned it before, is indicative of just how tolerant I am. 10+ times the same-or-similar mistake tolerated, not a peep from me, or anyone else for that matter. The curious thing is, and if you truly care about the work you do, for whatever reason, you seem to not detect these mistakes before sending the updates out. Do you not do a sanity-check on them at all? These last 2 mistakes in misspelling literally reveal themselves within 2 seconds of starting a build. This exact same stumble happens EVERYTIME with net-im/libsignal-node , where for some reason a some joker has left a "--offline" instruction in the Makefile that instantly breaks the build. Again: CHECK your work before sending it out - it takes seconds to catch something like this. Most users are not me, and will not spend the extra 5 to 10 minutes trying to figure out where the mistakes are & how to solve them, in order to keep working with this software. Each one of these errors will cost you in the number of people who use the ports/pkgs. This is detrimental if your intent is to provide good work for the most number of people. Is that not what we are here for?!
(In reply to Gleb Popov from comment #7) I have exactly 1 hour or so per day I can dedicate to things other than *necessary* computer work or medical treatment. I prefer to go out and play fetch with my dog for the short time I'm still alive -- which isn't long. The upshot is you'll not hear me complain for much longer about obvious software compilations that routinely break from the second they are executed.
(In reply to fgorter from comment #9) > I have exactly 1 hour or so per day I can dedicate to things other than *necessary* computer work or medical treatment. I'm more than sure that Mikael also have something to do instead of reading your complaints. > The upshot is you'll not hear me complain for much longer about obvious software compilations Of course we won't, the software in question will not be updated anymore, unless someone else picks the port up. However if that was your objective then I don't quite get why go the long way of complaining. You could've just not update your system and be happy. Anyways, get well.
THIRD time in a row... 6.48.1_2 08 Mar 2024 05:14:15 ===> License AGPLv3 accepted by the user ===> signal-desktop-6.48.1_2 depends on file: /usr/local/sbin/pkg - found => signalapp-Signal-Desktop-v6.48.1_GH0.tar.gz is not in /usr/ports/net-im/signal-desktop/distinfo. => Either /usr/ports/net-im/signal-desktop/distinfo is out of date, or => signalapp-Signal-Desktop-v6.48.1_GH0.tar.gz is spelled incorrectly. *** Error code 1 Stop. make: stopped in /usr/ports/net-im/signal-desktop ===>>> make build failed for net-im/signal-desktop ===>>> Aborting update signalapp-Signal-Desktop-v6.48.1_GH0.tar.gz ---> appears as signalapp-Signal-Desktop-6.48.1_GH0.tar.gz in the distinfo. Note: missing "v".
There is no one to fix the port anymore. You can try working out the patch yourself and then finding someone to commit it.
(In reply to fgorter from comment #11) you're not even capable of correcting the mistakes you've made on your local checkout and you take it upon yourself to lecture others...
(In reply to Gleb Popov from comment #12) There is nothing to fix the error is on its side
Created attachment 250132 [details] Only utilizing fetch-yarn target will allow building this port with this patch Mikaël, thanks for your highly appreciated effort updating this port to 7.5.0 although you're not maintaining it anymore (for reasons). To me it seems this port isn't suitable for regular FreeBSD users. I encourage everyone using 'make' instead of 'pkg', except for net-im/signal-desktop e.g. As far as I understood, upstream changes happen quicker than signal-desktop-${DISTVERSION}-yarn-cache.tar.gz is synchronized across distcache sites ;-) And more important, npm(1) downloading won't allow to manifest tarball checksums, at least not for more than a few days! As of this Saturday (yesterday) net-im/signal-desktop was broken once again (on Friday I could compile 7.5.0 in the office). I have no clue about yarn and very much dislike the use of npm(1) and the like (yarn), but a quick walk through your highly appreciated Makefile reveled the fetch-yarn target, which allowed me to build signal-desktop in version 7.5.1 as of today with the attached diff. Anyone is welcome to try it out - no guarantee it will work though! I'd suggest eliminating yarn-cache.tar.gz from DISTFILES - to my short experience, this will break the port. I have some ideas how to make signal-desktop more reliable installable for FreeBSD users, but currently no time to do anything beyond botched fixes... (one is to provide a separate repository/ISO-repo, like I do for own deployments). One first step is to add something like: BROKEN= Due to the nature of this port - resp. the upstream distribution model - try to build only if you are prepared to fix things yourself Thanks for creating/maintaining this weird high-effort port - in our shiny new cloud-world, even the most easy things like copying files are insane complicated with insane loss of transparency . _I_ have no clue where all the source code comes from and how integrity is supposed to be guaranteed - for now I just have to trust - which I'd prefer not being forced to ... From security point of view, this application is a complete nightmare on FreeBSD - exactly the opposite of what it's intention is. For such kind of applications, we'd need a distinct build-explanation website, imho. This wouldn't prevent things like the https://tukaani.org/xz-backdoor/ vector, but auditing this application at least wouldn't add additional grunt work on FreeBSD.
(In reply to Harald Schmalzbauer from comment #15) I do partially understand source file integrity checks, so my first idea is to manifest yarn.lock from upstream for dynamically building DISTFILES - like fetch-yarn already does! The port version/revision must be tied to yarn.lock (checksums) as far as I understand the distribution model, right?