On 19/09/17 10:09, Burton, Ross wrote:
> Then the tarball for one of Erlang's repositories changed, and was noticed
> by the checksum in the recipe (thanks Gunnar Andersson for reporting
> this). The extracted contents are identical, but the tarball itself has
> changed. I'm presuming this is due to the old tarball expiring in their
> cache, and a newly generated tarball using a later version of tar.

I don't think tar is the one to blame, but gzip.

I have just tested GNU tar (versions 1.29 and 1.26) and BSD tar (from OpenBSD 5.8) and the 3 have produced identical archives (same md5sum) when invoked like git archive does.

However, the .tar.gz file generated was different in the case of BSD. It even had a different file size. I bet that if you uncompress both files, the .tar will have the same checksum in both cases.

I guess that a different version (or implementation) of gzip, or even different local settings like forcing a more or less aggressive compression can be the explanation here.

Maybe an idea is that OE could gain a feature to optionally do a checksum of the .tar file once uncompressed that could be used as a fallback second check if the first one fails? If the first one fails but the second one passes a non-fatal WARN could be issued.
-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
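
Added example, not part of the original message and not OpenEmbedded or BitBake code: a Python illustration of the fallback check proposed in the message, where a .tar.gz checksum mismatch is downgraded to a warning only if the uncompressed .tar still matches. All function names, the size cap and the sample archives are assumptions constructed for the illustration, and SHA-256 is used in place of md5sum.

```python
import gzip
import hashlib
import io
import tarfile
import zlib

MAX_TAR_BYTES = 64 * 1024 * 1024  # assumed cap: the fallback inflates unverified input

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_tar(body: bytes) -> bytes:
    """Constructed sample: a one-file tar standing in for the upstream source."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("src/hello.erl")  # mtime defaults to 0
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

def gunzip_capped(blob: bytes, limit: int = MAX_TAR_BYTES) -> bytes:
    """Decompress, refusing payloads larger than `limit` bytes."""
    with gzip.GzipFile(fileobj=io.BytesIO(blob)) as gz:
        data = gz.read(limit + 1)
    if len(data) > limit:
        raise ValueError("decompressed payload exceeds cap")
    return data

def verify(archive: bytes, want_gz: str, want_tar: str) -> str:
    """'ok' if the .tar.gz matches, 'warn' if only the inner .tar does, else 'fail'."""
    if sha256(archive) == want_gz:
        return "ok"
    try:
        inner = gunzip_capped(archive)
    except (OSError, EOFError, ValueError, zlib.error):
        return "fail"
    return "warn" if sha256(inner) == want_tar else "fail"

# Constructed inputs: the same tar gzipped with a different level and header timestamp.
TAR = make_tar(b"-module(hello).\n" * 200)
ORIGINAL = gzip.compress(TAR, compresslevel=9, mtime=1)
REGENERATED = gzip.compress(TAR, compresslevel=1, mtime=2)
CHANGED = gzip.compress(make_tar(b"-module(other).\n" * 200), compresslevel=9, mtime=1)
WANT_GZ, WANT_TAR = sha256(ORIGINAL), sha256(TAR)

if __name__ == "__main__":
    for name, blob in [("original", ORIGINAL), ("regenerated", REGENERATED),
                       ("changed", CHANGED), ("garbage", b"not gzip")]:
        print(name, verify(blob, WANT_GZ, WANT_TAR))
```

The second checksum has to be pinned alongside the first; computing it from the downloaded file at verification time would defeat the check.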