Comments (18)
Thanks for reporting. Checking what's the issue. And many thanks for sponsoring me :)
from xplr.
I think I have a guess about what's going on. I just had a flashback about an email that I read on the reproducible builds mailing list:
https://lore.kernel.org/git/[email protected]/t/
This means that the output of git archive
that GitHub uses does not match the actual git archive
command that is used here:
Line 121 in ea8a1fc
As outlined in the mailing list, there seems to be a workaround:
git -c tar.tar.gz.command='gzip -cn' archive --format tar.gz ...
I think it's worth considering. I can submit a PR to try out this approach if you think it is applicable.
from xplr.
Reached at the same conclusion anyway :D
from xplr.
I'd say let's not rely on github's ever-changing archive format, and attach our own source.tar.gz.
from xplr.
Hmm, that's right. I think overriding the tar.tar.gz.command
is a quick and easy solution.
from xplr.
I got matching checksums with the following script:
#!/usr/bin/env bash
set -eux
git clone https://github.com/sayanarijit/xplr
git -C xplr -c tar.tar.gz.command='gzip -cn' archive --format tar.gz -o source.tar.gz --prefix xplr-0.20.0/ v0.20.0
mv xplr/source.tar.gz .
wget https://github.com/sayanarijit/xplr/archive/refs/tags/v0.20.0.tar.gz
sha256sum *.tar.gz
c4d63d9e1e313eeeb2e6d8d17e30b18ee4b8be01c419f08a89959fe5a4a09ac0 source.tar.gz
c4d63d9e1e313eeeb2e6d8d17e30b18ee4b8be01c419f08a89959fe5a4a09ac0 v0.20.0.tar.gz
from xplr.
Yay! Finally! Thanks a lot 👍
from xplr.
Done 🎉
➜ xplr git:(main)
REPO_URL="https://github.com/sayanarijit/xplr"
wget -qO source.tar.gz.asc "$REPO_URL/releases/download/v0.20.0/source.tar.gz.asc"
wget -qO source.tar.gz "$REPO_URL/archive/refs/tags/v0.20.0.tar.gz"
gpg --verify source.tar.gz.asc
gpg: assuming signed data in 'source.tar.gz'
gpg: Signature made Sun 30 Oct 2022 01:47:25 AM IST
gpg: using RSA key D59CA14710C17C6B24717AF90F8EF5258DC38077
gpg: Good signature from "Arijit Basu (June 3, 2021) <[email protected]>" [ultimate]
from xplr.
I postponed updating the Arch Linux package due to this issue.
from xplr.
My bad. Last comment (now deleted) was a mistake...
➜ xplr git:(main) ✗ gpg --verify source.tgz.asc
gpg: assuming signed data in 'source.tgz'
gpg: Signature made Sat 29 Oct 2022 03:00:03 AM IST
gpg: using RSA key D59CA14710C17C6B24717AF90F8EF5258DC38077
gpg: BAD signature from "Arijit Basu (June 3, 2021) <[email protected]>" [ultimate]
➜ xplr git:(main) ✗
➜ xplr git:(main) ✗ wget -qO xplr.tgz https://github.com/sayanarijit/xplr/releases/download/v0.20.0/xplr-linux.tar.gz
➜ xplr git:(main) ✗ wget -qO xplr.tgz.asc https://github.com/sayanarijit/xplr/releases/download/v0.20.0/xplr-linux.tar.gz.asc
➜ xplr git:(main) ✗ gpg --verify xplr.tgz.asc
gpg: assuming signed data in 'xplr.tgz'
gpg: Signature made Sat 29 Oct 2022 03:05:05 AM IST
gpg: using RSA key D59CA14710C17C6B24717AF90F8EF5258DC38077
gpg: Good signature from "Arijit Basu (June 3, 2021) <[email protected]>" [ultimate]
Debugging further...
from xplr.
Ok, turns out this method to archive git repo no longer matches the actual archive.
➜ xplr git:(main) gco v0.20.0
Note: switching to 'v0.20.0'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
HEAD is now at 70cb745 Implement and expose xplr.util
➜ xplr git:(70cb745) git archive -o xplr-0.20.0.tar.gz --format tar.gz --prefix "xplr-0.20.0/" "v0.20.0"
➜ xplr git:(70cb745) ✗ mv xplr-0.20.0.tar.gz source.tar.gz
➜ xplr git:(70cb745) ✗ mkdir downloaded
➜ xplr git:(70cb745) ✗ REPO_URL="https://github.com/sayanarijit/xplr"
➜ xplr git:(70cb745) ✗ wget -qO downloaded/source.tar.gz "$REPO_URL/releases/download/v0.20.0/source.tar.gz"
➜ xplr git:(70cb745) ✗ shasum source.tar.gz
e973ed9d06b70b3ccfa4c5a276532cd2cc79de47 source.tar.gz
➜ xplr git:(70cb745) ✗ shasum downloaded/source.tar.gz
da39a3ee5e6b4b0d3255bfef95601890afd80709 downloaded/source.tar.gz
from xplr.
Oops, accidentally closed the issue. JYNX BTW!
from xplr.
Or maybe not, this could raise security concerns.
from xplr.
Not matching either...
➜ xplr git:(70cb745) ✗ REPO_URL="https://github.com/sayanarijit/xplr"
➜ xplr git:(70cb745) ✗ wget -qO downloaded/source.tar.gz "$REPO_URL/releases/download/v0.20.0/source.tar.gz"
➜ xplr git:(70cb745) ✗ git -c tar.tar.gz.command='gzip -cn' archive --format tar.gz -o xplr-0.20.0.tar.gz --prefix xplr-0.20.0/ v0.20.0
➜ xplr git:(70cb745) ✗ mv xplr-0.20.0.tar.gz source.tar.gz
➜ xplr git:(70cb745) ✗ shasum downloaded/source.tar.gz
da39a3ee5e6b4b0d3255bfef95601890afd80709 downloaded/source.tar.gz
➜ xplr git:(70cb745) ✗ shasum source.tar.gz
e973ed9d06b70b3ccfa4c5a276532cd2cc79de47 source.tar.gz
from xplr.
wget -qO downloaded/source.tar.gz "$REPO_URL/releases/download/v0.20.0/source.tar.gz"
Are you sure this is the right URL? I think it should be $REPO_URL/archive/refs/tags/v0.20.0.tar.gz
from xplr.
➜ xplr git:(70cb745) ✗ wget -qO downloaded/source.tar.gz "$REPO_URL/archive/refs/tags/v0.20.0.tar.gz"
➜ xplr git:(70cb745) ✗ shasum downloaded/source.tar.gz
e973ed9d06b70b3ccfa4c5a276532cd2cc79de47 downloaded/source.tar.gz
🤦♂️
from xplr.
I'll update the key manually this time...
from xplr.
Arch package is updated 🚀 all good.
from xplr.
Related Issues (20)
- Process exits when trying to open any text file on editor HOT 4
- How can I use "emacsclient -t" as EDITOR for xplr? HOT 5
- How to change selection pane size? HOT 2
- Provide option to sort based on user created custom column HOT 3
- Incorrect fuzzy search behavior HOT 4
- Mapping function keys higher than F12 does not work HOT 3
- How about adding a command line to enhance the usability? HOT 2
- Hitting enter after esc takes a long time HOT 6
- closing `xplr` with `q` or closing the terminal window closes any files opened in gui HOT 3
- Deleting files should not move the cursor to the top HOT 3
- Support Binstall HOT 1
- Support Debian/Ubuntu/Snapcraft HOT 20
- Separation Releases HOT 3
- Installing in Termux HOT 3
- xplr.util.lscolor returns nil for normal files HOT 2
- Unable to see all terminal history when accesing it from :! HOT 2
- xplr.util.is_file has a typo
- Incorrect style and meta for directory with extension in name
- Documentation sidemenu always obscures main content and cannot be hidden
- xplr crashes if terminal has <= 94 columns HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from xplr.