953115 – ELPA overlays - (non)gnu-elpa,melpa(-stable): need gzip support + special continuous integration

Bug 953115 - ELPA overlays - (non)gnu-elpa,melpa(-stable): need gzip support + special continuous integration

Summary: ELPA overlays - (non)gnu-elpa,melpa(-stable): need gzip support + special con...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Overlays (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Markus Walter

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2025-04-04 10:31 UTC by Nikita Zlobin
Modified:	2025-05-01 06:27 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Nikita Zlobin 2025-04-04 10:31:22 UTC

Current ELPA stuff is super-risky, because only recent version is held in tar format. When new version released, previous one is converted to tar.gz, thus needs to be repackaged. No need to be maintainer to understand, how hopeless would be to try handle all cases manually.

This needs continuous integration on top of elpa overlay git hostings, runing periodically following loop for detected elpa tar packages:
- check current url for availability
  on success:
  - check modification date / checksums
    (I'm not sure, what they do, that checksums break for existing filenames)
    on mismatch: mask pkg, notify maint;
  - next pkg / slot;
  on failure:
  - append ".gz" (or whatevery they use) and check again.
    - on failure: notify maintainer (no idea, what yet hooks could do)
  - replace url in ebuild, increasing its revision, update manifest
    - better compare archive contents too for unchanged names

Comment 1 Markus Walter 2025-04-07 20:47:04 UTC

As the overlays only contain the most recent version of each package the archiving with .gz should not cause any trouble (or more precisely only transient trouble until the next refresh).

Do you have an example of changing checksums? That would increase the effort for maintaining the overlays quite a lot as this would mean fetching all of the dist files again and again if I interpret this correctly.

Comment 2 Nikita Zlobin 2025-04-10 17:35:14 UTC

app-emacs/eldoc-1.15.0::gnu-elpa - last update in 2024.

And nearly half of packages from melpa.

!!! Fetched file: eldoc-1.15.0.tar VERIFY FAILED!
!!! Reason: Failed on BLAKE2B verification
!!! Got:      aade2b88d7204cd15501a57d95a643014041eca673c9e63782101c9ca1325fad61ee490138113ffa5b828465ec94cb16c6268942865b97ff7d3877ec5604f07a
!!! Expected: 20f0b50621e96c4afd5d6225adcc4083736ac43c4101fad6a40fec9835da3144ac965e91c36699cde377e31d85e5007a61d513399db34ea64827e2a8b83ee3ab
Refetching... File renamed to '/var/calculate/distfiles/eldoc-1.15.0.tar._checksum_failure_.fplje98_'

Comment 3 Nikita Zlobin 2025-04-10 17:50:11 UTC

It looks completely strange - according to page at elpa, file was modified many months before ebuild update at zugaina.

Comment 4 Nikita Zlobin 2025-04-10 17:55:31 UTC

However checksum is really changed for eldoc-1.15.0.
sha512sum: fa1642ae6ca26981c5258127b0e199b7c22b6bc62bc5e0f9ba5020bf042f6471a66009d2053684409bcb216afabae4d91ee9d9c9c2a84b3451e54161992f00f8

expected: 54425a8d01aa78b7346abe3fbc43c2c73ff876b07ddf33ba159956968a32c89745bc26942f55dfddf0b9bc36ac27525ca3464f040892e88fd70023d781114903

Comment 5 Markus Walter 2025-04-11 07:13:43 UTC

I refreshed all the checksums. I'll leave this open as this is only a hotfix and we will have to check why they changed and whether it's feasible to continue the overlays.

Comment 6 Markus Walter 2025-05-01 06:27:13 UTC

I revisited this and it seems to have been a one-off event. So everything should be fine and no further action required.