lassik
commented
1 month ago Closed lassik closed 3 weeks ago
lassik
commented
1 month ago 
Retropikzel
commented
1 month ago Would it be okay to use the commit hash zip directly?
In the case of Chibi 0.11 it can be found from https://github.com/ashinn/chibi-scheme/tree/b1a370b218cb13cb8f6c98a087185b0357df8e89
And is https://github.com/ashinn/chibi-scheme/archive/b1a370b218cb13cb8f6c98a087185b0357df8e89.zip
lassik
commented
1 month ago Even though the commit hash is stable, the hash of an archive file generated from that commit may not be stable.
The reason is the same as when using tags: subtle changes to git, gzip, and other software used by GitHub to generate the archives.
lassik
commented
1 month ago The recommended fix is to manually generate a tarball once and then upload that tarball (to GitHub and/or other websites).
Retropikzel
commented
1 month ago How about git checkout of an hash?
In the Chibi case. Get hash: git clone https://github.com/ashinn/chibi-scheme.git --branch=0.11 --depth=1 cd chibi-scheme git rev-parse HEAD
Then in dockerfile:
git clone https://github.com/ashinn/chibi-scheme.git
cd chibi-scheme
git checkout
lassik
commented
1 month ago This is the Chibi-Scheme issue tracker, not a Chibi issue in the scheme-containers issue tracker :)
Git will work fine with either tags or hashes. But Chibi will probably want to be a conventional software project that is usable without version control, and put out source tarballs for that purpose. Most package managers now check downloaded tarballs against known hashes and refuse to build them if the hash doesn't match.
Retropikzel
commented
1 month ago This is the Chibi-Scheme issue tracker, not a Chibi issue in the scheme-containers issue tracker :)
Git will work fine with either tags or hashes. But Chibi will probably want to be a conventional software project that is usable without version control, and put out source tarballs for that purpose. Most package managers now check downloaded tarballs against known hashes and refuse to build them if the hash doesn't match.
Oh sorry about that! I just went trough my notifications and mistook. My comments can be disregarded.
ashinn
commented
1 month ago Those are not release tarballs, they're auto-generated by github whenever a tag is made, and I didn't even realize they were there.
The official release tarballs are here: http://synthcode.com/scheme/chibi/chibi-scheme-0.11.0.tgz
Maybe people expect tarballs on github, I can do that for the next release.
lassik
commented
1 month ago Great. Do you have the full release backlog on that server? I was able to download everything since 0.9.1 by changing the version number in the URL.
I'd like to duplicate the release backlog under https://files.scheme.org/ for posterity. We record hashes for all files there.
lassik
commented
1 month ago I don't know whether or not most people expect tarballs from GitHub, but at the moment at least Homebrew is using one. I can send them a PR to fix the URL. I guess the bottom line is that the right tarballs are hard to find, though it's not clear why.
ashinn
commented
1 month ago Great. Do you have the full release backlog on that server? I was able to download everything since 0.9.1 by changing the version number in the URL.
0.9.0 and 0.8.0 are also there. Prior to that the URL was different and didn't include .0 suffixes:
http://synthcode.com/scheme/chibi-scheme-0.7.3.tgz
This goes back to the 0.1 release.
lassik
commented
1 month ago Thank you. Here's what I did:
#!/bin/sh
set -eux
#wget http://synthcode.com/scheme/chibi/chibi-scheme-0.1.tgz
#wget http://synthcode.com/scheme/chibi/chibi-scheme-0.2.tgz
#wget http://synthcode.com/scheme/chibi/chibi-scheme-0.3.tgz
#wget http://synthcode.com/scheme/chibi/chibi-scheme-0.4.tgz
#wget http://synthcode.com/scheme/chibi/chibi-scheme-0.5.tgz
#wget http://synthcode.com/scheme/chibi/chibi-scheme-0.5.1.tgz
#wget http://synthcode.com/scheme/chibi/chibi-scheme-0.5.2.tgz
#wget http://synthcode.com/scheme/chibi/chibi-scheme-0.5.3.tgz
#wget http://synthcode.com/scheme/chibi/chibi-scheme-0.6.tgz
#wget http://synthcode.com/scheme/chibi/chibi-scheme-0.6.1.tgz
#wget http://synthcode.com/scheme/chibi/chibi-scheme-0.7.tgz
#wget http://synthcode.com/scheme/chibi/chibi-scheme-0.7.1.tgz
#wget http://synthcode.com/scheme/chibi/chibi-scheme-0.7.2.tgz
wget http://synthcode.com/scheme/chibi/chibi-scheme-0.7.3.tgz
wget http://synthcode.com/scheme/chibi/chibi-scheme-0.8.0.tgz
wget http://synthcode.com/scheme/chibi/chibi-scheme-0.9.0.tgz
wget http://synthcode.com/scheme/chibi/chibi-scheme-0.9.1.tgz
wget http://synthcode.com/scheme/chibi/chibi-scheme-0.10.0.tgz
wget http://synthcode.com/scheme/chibi/chibi-scheme-0.11.0.tgzThe lines commented out with # gave a 404 Not Found. The other lines worked.
ashinn
commented
1 month ago That's not the URL path I gave for the older versions.
lassik
commented
1 month ago My mistake. Here is the fixed script:
#!/bin/sh
set -eu
download() {
test -f "$(basename "$1")" || { sleep 5 && wget "$1"; }
}
download http://synthcode.com/scheme/chibi-scheme-0.1.tgz
download http://synthcode.com/scheme/chibi-scheme-0.2.tgz
download http://synthcode.com/scheme/chibi-scheme-0.3.tgz
#download http://synthcode.com/scheme/chibi-scheme-0.4.tgz
download http://synthcode.com/scheme/chibi-scheme-0.5.tgz
#download http://synthcode.com/scheme/chibi-scheme-0.5.1.tgz
download http://synthcode.com/scheme/chibi-scheme-0.5.2.tgz
download http://synthcode.com/scheme/chibi-scheme-0.5.3.tgz
download http://synthcode.com/scheme/chibi-scheme-0.6.tgz
download http://synthcode.com/scheme/chibi-scheme-0.6.1.tgz
download http://synthcode.com/scheme/chibi-scheme-0.7.tgz
#download http://synthcode.com/scheme/chibi-scheme-0.7.1.tgz
#download http://synthcode.com/scheme/chibi-scheme-0.7.2.tgz
download http://synthcode.com/scheme/chibi-scheme-0.7.3.tgz
download http://synthcode.com/scheme/chibi/chibi-scheme-0.8.0.tgz
download http://synthcode.com/scheme/chibi/chibi-scheme-0.9.0.tgz
download http://synthcode.com/scheme/chibi/chibi-scheme-0.9.1.tgz
download http://synthcode.com/scheme/chibi/chibi-scheme-0.10.0.tgz
download http://synthcode.com/scheme/chibi/chibi-scheme-0.11.0.tgzAgain the # lines returned 404. These versions exist as git tags. Is it correct that tarballs were never released for them?
ashinn
commented
1 month ago Yes, I don't see those versions anywhere on the server.
lassik
commented
1 month ago The full release backlog is now archived at https://files.scheme.org/.
The SHA1 hashes are recorded in the corresponding git repo.
Thank you very much for the help in solving this long-standing todo item.
ashinn
commented
3 weeks ago Also note I've made an official release and added a stable asset:
https://github.com/ashinn/chibi-scheme/releases/download/0.11/chibi-scheme-0.11.0.tgz
I'll do this for subsequent releases as well.
Recent Chibi releases are downloaded from URLs like
https://github.com/ashinn/chibi-scheme/archive/0.10.tar.gzAre these the tarballs auto-generated by GitHub. AFAIK their contents are not guaranteed to stay identical. The file hash of a future tarball from the same URL may be different.