On Thu, Nov 17, 2016 at 09:46:38PM +0100, Marius Bakke wrote: > Arun Isaac <arunis...@systemreboot.net> writes: > > Marius Bakke writes: > > > >> Thanks for this. I'm unable to download the new version with > >> `./pre-inst-env guix build mpop`; > > > > Not sure what the problem is. I was able to build mpop successfully on > > my system. But, I did download manually with `guix download' > > first. Perhaps the build used that downloaded source tarball.
I fixed the URL and made it use our SourceForge mirror in commit 5837e6993. > Yes, if the hash already exists in the store, it will be used instead of > downloading. This has caused some confusion before :-) As Marius hints at, using `guix download` to get source code while writing a package masks errors in the package's URL. You should always download the source code "out of band" with wget, curl, a web browser, etc, and then use `guix hash` to calculate the hash. That way, you can be sure the package works. Also, you don't leak information (via `guix download`'s network signature) to potentially hostile servers that you are packaging software for Guix.
signature.asc
Description: PGP signature