https://bugzilla.redhat.com/show_bug.cgi?id=1294523 --- Comment #8 from Simone Caronni <negativo17@xxxxxxxxx> --- Hi Vitaly, this does not really work, as the various tools will complain that the tarball specified in the URL of the spec file does not match the checksum of the tarball that is actually shipped in the src.rpm; prompting you to do something because the tarball has been tampered with. I would personally do something like that: 1- Change source0 to read the following: Source0: %{name}-%{shortcommit0}.tar.xz 2- Adjust your script to do the checkout and repack as follows (this is an example): #!/bin/sh TARBALL=purple-skypeweb git clone -q https://github.com/EionRobb/skype4pidgin.git cd skype4pidgin COMMIT=$(git log -n 1 --format=%H) SHORTCOMMIT=${COMMIT:0:7} mv skypeweb ../$TARBALL-$COMMIT cd .. tar -cJf $TARBALL-$SHORTCOMMIT.tar.xz $TARBALL-$COMMIT rm -fr skype4pidgin echo commit0 $COMMIT echo Source0 $TARBALL-$SHORTCOMMIT.tar.xz When running, you will get this output, so you can paste the commit id directly in the spec file: $ ./purple-skypeweb-tarball.sh commit0 eb0b5000c56c9c264375ab2334c926c9715ee3d0 Source0 purple-skypeweb-eb0b500.tar.xz This way, the Source0 is only checked locally and you won't have hash mismatches, you have a consistent SPEC file with commits etc., source is reduced and you provide the tarball script. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/package-review@xxxxxxxxxxxxxxxxxxxxxxx