Package Details: pylama 8.4.1-2

Git Clone URL: https://aur.archlinux.org/pylama.git (read-only)
Package Base: pylama
Description: Code audit tool for python
Upstream URL: https://github.com/klen/pylama
Licenses: MIT
Submitter: tapajos
Maintainer: loacker
Last Packager: loacker
Votes: 1
Popularity: 0.006959
First Submitted: 2024-04-10 13:17 (UTC)
Last Updated: 2024-08-21 16:09 (UTC)

Latest Comments

loacker commented on 2024-08-26 09:21 (UTC) (edited on 2024-08-26 09:23 (UTC) by loacker)

In order to ensure the stability of the source code for GitHub source code [1], when I adopted the package I aligned it with the URL I use in other packages I maintain with source coming from GitHub [1].

Rather than the previous root directory in the form of <pkgname>-<version>, the archive contains the root directory in the form of <owner>-<repos>-<commit>.

I utilize another AUR helper (pikaur), so I didn't notice the issue you reported when I installed the package; nevertheless, I appreciate you reporting it @setpill and providing clarification regarding the package content.

I had no intention to harm anyone, and I'm attempting to figure out how to prevent this problem with Pacaur.

Thank you!

[1] https://docs.github.com/en/repositories/working-with-files/using-files/downloading-source-code-archives#stability-of-source-code-archives

[2] https://docs.github.com/en/rest/repos/contents?apiVersion=2022-11-28#download-a-repository-archive-tar

setpill commented on 2024-08-23 08:39 (UTC)

After sha256summing the contents of each of the archives, the only difference is the name of the root dir. So yes, the difference is benign. Please fix this.
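
The check described in the comment above, as an added example that is not part of the original thread or of the package: it hashes every entry of two source tarballs after stripping the top-level directory, so archives that differ only in the root directory name compare as identical while a changed file or mode is reported. The sample archives, their file contents and the `0000000` commit id are constructed placeholders.

```python
import hashlib
import io
import tarfile


def content_digests(archive_bytes):
    """Map each path, root directory stripped, to a type/mode/SHA-256 summary."""
    digests = {}
    # Members are read in memory only; nothing is extracted to disk.
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            # Drop the first path component, the only part expected to differ.
            _, _, rel = member.name.partition("/")
            if not rel:
                continue  # the root directory entry itself
            if member.isfile():
                sha = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
                digests[rel] = f"file:{member.mode:o}:{sha}"
            elif member.issym() or member.islnk():
                digests[rel] = f"link:{member.linkname}"
            else:
                digests[rel] = "dir" if member.isdir() else "other"
    return digests


def compare(a_bytes, b_bytes):
    a, b = content_digests(a_bytes), content_digests(b_bytes)
    return {
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
        "changed": sorted(p for p in a.keys() & b.keys() if a[p] != b[p]),
    }


def make_sample(root, files):
    """Build a constructed .tar.gz in memory, standing in for a downloaded archive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, (mode, data) in files.items():
            info = tarfile.TarInfo(f"{root}/{path}")
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample data: same files, different root directory names.
FILES = {"setup.py": (0o644, b"print('sample')\n"), "pylama/__init__.py": (0o644, b"")}
OLD = make_sample("pylama-8.4.1", FILES)
NEW = make_sample("klen-pylama-0000000", FILES)  # placeholder commit id
TAMPERED = make_sample("klen-pylama-0000000", {**FILES, "setup.py": (0o755, b"x\n")})
```

`compare(OLD, NEW)` returns three empty lists even though the two archive files hash differently, while `compare(OLD, TAMPERED)` lists `setup.py` under `changed`.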

setpill commented on 2024-08-23 08:32 (UTC) (edited on 2024-08-23 08:32 (UTC) by setpill)

Due to the change in link, a different package is downloaded.

https://github.com/klen/pylama/archive/8.4.1.tar.gz (old link) has sha256sum 6968f9c49ed04cff4010c2cd01a12d39c76f4f0dd0e96e381f5e9af39037bf21 and b2sum dea99fc784736f3b229c5d82a59f2e2b5490fbe344ad98167e30e550b6c774c7b42cbddfedeb073d9d843cf53169c441812974036b06088ab07d7b7996def4a5.

https://api.github.com/repos/klen/pylama/tarball/refs/tags/8.4.1 (new link) has sha256sum f9f30b8bc10c9f3673a728d578a2d1767fda96cc42607881f58e47af50fe5b04 and b2sum dcb00cfe080e44a517471acec27e46642e4d00ebf2e9b781184abb579ddabe881e3e5816ebc8390834dce3e3ebf4cea8ad02263b0596523528da10f2ae84f025

I only noticed because my AUR helper (pacaur) saw the archive already existed in its cache and did not redownload and broke on the mismatch.

If the difference is benign, you might want to change the name of the archive file to avoid this for others.