janestreet / ppx_optcomp

Optional compilation for OCaml
MIT License

Broken opam package #15

Closed lthms closed 3 years ago

lthms commented 3 years ago

Dear ppx_optcomp maintainers.

If I am not mistaken, you overwrote the 0.14.3 tag yesterday, which means GitHub created a new archive with a different md5 checksum, which then means the opam file in ocaml/opam-repository is outdated. And indeed, if I download the 0.14.3 archive, it does not have the same checksum as the one mentioned in the opam file in the repository.

If I am right, I would advise against overwriting git tags, for these kinds of reasons 😅.

Thanks!

n-raymond commented 3 years ago

Hi! Observing the same issue!

Checksum for 0.14.3 is different between the downloaded archive and opam file.


```
>  opam info ppx_optcomp.v0.14.3

<><> ppx_optcomp: information on all versions <><><><><><><><><><><><><><><><><>
name                   ppx_optcomp
all-installed-versions v0.14.1
                       [...]
all-versions           v0.14.3

<><> Version-specific details <><><><><><><><><><><><><><><><><><><><><><><><><>
version       v0.14.3
repository    tezos
url.src:      "https://github.com/janestreet/ppx_optcomp/archive/v0.14.3.tar.gz"
url.checksum:
          "md5=2d012df62dd0bc82d2ea4ab25b628992"
homepage:     "https://github.com/janestreet/ppx_optcomp"
bug-reports:  "https://github.com/janestreet/ppx_optcomp/issues"
dev-repo:     "git+https://github.com/janestreet/ppx_optcomp.git"
authors:      "Jane Street Group, LLC <opensource@janestreet.com>"
maintainer:   "opensource@janestreet.com"
license:      "MIT"
depends:      "ocaml" {>= "4.08"}
              "base" {>= "v0.14" & < "v0.15"}
              "stdio" {>= "v0.14" & < "v0.15"}
              "dune" {>= "2.0.0"}
              "ppxlib" {>= "0.18.0"}
synopsis      Optional compilation for OCaml
```
olafhering commented 3 years ago

Such tag updates happen on a regular basis in various ocaml repositories....

Let me cite the git tag man page:

... No. Find and read it yourself and find the relevant paragraph about such wrongdoing...

olafhering commented 3 years ago

This also shows a flaw in opam itself.

It should not use mutable git tags, but rather immutable git revisions to refer to a specific version. There is still git push --force, which may invalidate a git revision after a while. And I can tell you: such forced pushes happen as well...
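
An added example, not part of the thread and not code from opam or ppx_optcomp: a consumer-side check for the two failures discussed above, an archive that no longer matches the recorded `url.checksum` and a release tag that now points at a different commit than the one pinned. The function names, the pinned-commit map, the commit ids and the archive bytes are all constructed for illustration; md5 appears only because it is the algorithm recorded in the opam file shown above.

```python
import hashlib
import hmac

def verify_checksum(data: bytes, field: str) -> bool:
    """Check bytes against an opam-style checksum field such as 'md5=<hex>'."""
    algo, _, expected = field.strip().strip('"').partition("=")
    if algo not in {"md5", "sha256", "sha512"}:
        raise ValueError(f"unsupported checksum algorithm: {algo!r}")
    actual = hashlib.new(algo, data).hexdigest()
    return hmac.compare_digest(actual, expected.lower())

def parse_ls_remote(output: str) -> dict:
    """Map tag name -> commit id from `git ls-remote --tags` output."""
    tags = {}
    for line in output.splitlines():
        if not line.strip():
            continue
        sha, ref = line.split()
        if not ref.startswith("refs/tags/"):
            continue
        name = ref[len("refs/tags/"):]
        if name.endswith("^{}"):
            tags[name[:-3]] = sha  # peeled line of an annotated tag: the commit id
        else:
            tags.setdefault(name, sha)
    return tags

def moved_tags(pinned: dict, ls_remote_output: str) -> dict:
    """Return {tag: (pinned_commit, current_commit_or_None)} for every mismatch."""
    current = parse_ls_remote(ls_remote_output)
    return {t: (c, current.get(t)) for t, c in pinned.items() if current.get(t) != c}

# Constructed sample data: commit ids and archive bytes are made up.
OLD, NEW = "a" * 40, "b" * 40
PINNED = {"v0.14.2": "c" * 40, "v0.14.3": OLD}
LS_REMOTE = f"{'c' * 40}\trefs/tags/v0.14.2\n{'d' * 40}\trefs/tags/v0.14.3\n{NEW}\trefs/tags/v0.14.3^{{}}\n"
ARCHIVE_BEFORE, ARCHIVE_AFTER = b"release tarball, first tagging", b"release tarball, after retag"
RECORDED = "md5=" + hashlib.md5(ARCHIVE_BEFORE).hexdigest()

if __name__ == "__main__":
    print(verify_checksum(ARCHIVE_BEFORE, RECORDED), verify_checksum(ARCHIVE_AFTER, RECORDED))
    print(moved_tags(PINNED, LS_REMOTE))
```

Recording the commit id next to the tag name lets a mirror or CI job report the retag itself, instead of only seeing a checksum failure at install time.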