Opened 3 years ago

Closed 3 years ago

#10409 closed enhancement (fixed)

libuv-1.19.2

Reported by: bdubbs@… Owned by: thomas
Priority: normal Milestone: 8.3
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New poiint version.

Change History (7)

comment:1 by thomas, 3 years ago

Grrr, I hate that github stuff.

There is no https://github.com/libuv/libuv/archive/v1.9.2/libuv-1.9.2.tar.gz but a https://github.com/libuv/libuv/archive/v1.19.2.tar.gz can be found under "Releases".

Why the hell are they not able to use the "usual" naming convention <pkgname>-<pkgversion>.tar.xz?

Or is it a PEBKAC on my side?

comment:2 by Armin K, 3 years ago

It's a github trick. You can download any archive specified like

https://github.com/libuv/libuv/archive/v1.19.2.tar.gz

As

https://github.com/libuv/libuv/archive/v1.19.2/fooobarbaz.tar.gz (and change foobarbaz to whatever)

comment:4 by thomas, 3 years ago

how to find out where the real source is?

https://dist.libuv.org/dist/v1.19.2/libuv-v1.19.2.tar.gz differs from https://github.com/libuv/libuv/archive/v1.19.2.tar.gz, the first tarred a directory named libuv-v1.19.2, the seconds one is libuv-1.19.2 and therefore, the md5sums does not match at all. I personally more and more untrust all that github projects.

If ok so far, i'd like to use the dist.libuv.org archive or is there a guideline to prefer github? I'd than use that of course.

Btw, there was a typo in my URLs (1.9.2 instead of 1.19.2) but the resst of the issues remains.

Last edited 3 years ago by thomas (previous) (diff)

comment:5 by thomas, 3 years ago

Owner: changed from blfs-book@… to thomas
Status: newassigned

in reply to:  4 comment:6 by Pierre Labastie, 3 years ago

Replying to thomas:

how to find out where the real source is?

Use "git clone", then "git checkout <tag>": that is the real source. Other things are packages or releases...

https://dist.libuv.org/dist/v1.19.2/libuv-v1.19.2.tar.gz differs from https://github.com/libuv/libuv/archive/v1.19.2.tar.gz, the first tarred a directory named libuv-v1.19.2, the seconds one is libuv-1.19.2 and therefore, the md5sums does not match at all. I personally more and more untrust all that github projects.

Well, I do not see what is less trustable on github than on any other site :)

Upstream packaging is faulty when you cannot find a md5sum (or shaxsum) or pgp signature. But this is not github's fault (sometimes there are signature or hash on the "release" pages on github). There is a signature on dist.libuv.org...

See also https://github.com/libuv/libuv/tree/master

If ok so far, i'd like to use the dist.libuv.org archive or is there a guideline to prefer github? I'd than use that of course.

One cannot tell at first: it depends on how reliable the server is. In this case, I'd be inclined to go to dist.libuv.org

Btw, there was a typo in my URLs (1.9.2 instead of 1.19.2) but the resst of the issues remains.

Normally, Armin's trick should work too. But as said above, it seems better to use dist.libuv.org

Last edited 3 years ago by Pierre Labastie (previous) (diff)

comment:7 by thomas, 3 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r19933

Note: See TracTickets for help on using tickets.