Re: Source file audit - 2014-01-05

On Tue, Jan 07, 2014 at 09:25:36AM +0100, Simone Caronni wrote:
> On 6 January 2014 20:53, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
> 
>     slaanesh:BADSOURCE:dkms-2.2.0.3.tar.gz:dkms
> 
> 
> Downloading the file again gives a different md5sum, but the release tarball is
> the same, so probably the archive has been regenerated.
> 
> What's the procedure to update the source files in the lookaside cache when the
> file name has not changed? fedpkg new-sources does not allow me to do it:
> 
This should work.

> $ fedpkg new-sources dkms-2.2.0.3.tar.gz
> Uploading: 11a8aaade2ebec2803653837c7593030  dkms-2.2.0.3.tar.gz
> File already uploaded: dkms-2.2.0.3.tar.gz
> Uploaded and added to .gitignore:
> Source upload succeeded. Don't forget to commit the sources file
> 
Looking at the lookaside cache directly, it looks like that file has been
uploaded previously (in lookaside, there are currently two tarballs for
dkms-2.2.0.3.tar.gz with two separate md5sums).  Has the upstream perhaps
released a tarball, released a new tarball, and then reverted to the
original one?

One option is to change the sources file to reflect the new md5sum.

You may also want to check that the new tarball and the tarball in the
lookaside cache *really* are the same.  A hash collision is unlikely but if
that were the case we'd want to be extra certain about what's going on
before blindly accepting the changed tarball.

You can retrieve the tarballs in lookaside directly from here:
http://pkgs.fedoraproject.org/lookaside/pkgs/dkms/dkms-2.2.0.3.tar.gz/

-Toshio


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
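
The check suggested in the message above (confirming that a re-downloaded tarball and the copy in the lookaside cache really carry the same contents even though their md5sums differ) can be done member by member. This is an added example, not part of the original thread or of fedpkg; the function names are hypothetical and the sample archives are constructed in memory as stand-ins for the two downloads.

```python
import hashlib
import io
import tarfile


def member_digests(tarball):
    """Map each member name to its type, permissions and content hash."""
    digests = {}
    # Members are read in memory only; nothing from the archive is extracted to disk.
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:*") as tar:
        for m in tar:
            if m.isfile():
                data = tar.extractfile(m).read()
                digests[m.name] = ("file", m.mode & 0o7777, hashlib.sha256(data).hexdigest())
            elif m.issym() or m.islnk():
                digests[m.name] = ("link", m.linkname)
            else:
                digests[m.name] = ("dir" if m.isdir() else "other", m.mode & 0o7777)
    return digests


def compare_tarballs(old, new):
    """Return (identical_bytes, differences) for two tarballs given as bytes."""
    if hashlib.sha256(old).digest() == hashlib.sha256(new).digest():
        return True, []
    a, b = member_digests(old), member_digests(new)
    diffs = [("removed", n) for n in sorted(a.keys() - b.keys())]
    diffs += [("added", n) for n in sorted(b.keys() - a.keys())]
    diffs += [("changed", n) for n in sorted(a.keys() & b.keys()) if a[n] != b[n]]
    return False, diffs


def make_sample_tarball(files, mtime):
    """Build a constructed sample .tar.gz in memory (stand-in for a download)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mtime, info.mode = len(data), mtime, 0o644
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    src = {"dkms-2.2.0.3/dkms": b"#!/bin/bash\n", "dkms-2.2.0.3/README": b"docs\n"}
    cached = make_sample_tarball(src, mtime=1380000000)
    regenerated = make_sample_tarball(src, mtime=1388900000)   # same files, new timestamps
    tampered = make_sample_tarball({**src, "dkms-2.2.0.3/dkms": b"#!/bin/bash\n:\n"}, 1388900000)
    print(compare_tarballs(cached, regenerated))   # bytes differ, no member differences
    print(compare_tarballs(cached, tampered))      # the changed member is listed
```

A result of `(False, [])` means only archive metadata or compression changed, which is what a regenerated archive looks like; any listed member is a content difference to review before changing the sources file.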
