GNU bug report logs -
#53119
[PATCH] gnu: reuse: Update to 0.14.0.
Previous Next
Reported by: Felix Gruber <felgru <at> posteo.net>
Date: Fri, 7 Jan 2022 18:10:02 UTC
Severity: normal
Tags: patch
Done: Nicolas Goaziou <mail <at> nicolasgoaziou.fr>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 53119 in the body.
You can then email your comments to 53119 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#53119; Package
guix-patches.
(Fri, 07 Jan 2022 18:10:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Felix Gruber <felgru <at> posteo.net>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Fri, 07 Jan 2022 18:10:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/license.scm (reuse): Update to 0.14.0.
---
gnu/packages/license.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/license.scm b/gnu/packages/license.scm
index 79ad3df4c8..cc6b03b412 100644
--- a/gnu/packages/license.scm
+++ b/gnu/packages/license.scm
@@ -3,6 +3,7 @@
;;; Copyright © 2018–2021 Tobias Geerinckx-Rice <me <at> tobias.gr>
;;; Copyright © 2020, 2021 Michael Rohleder <mike <at> rohleder.de>
;;; Copyright © 2021 Tanguy Le Carrour <tanguy <at> bioneland.org>
+;;; Copyright © 2022 Felix Gruber <felgru <at> posteo.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -167,13 +168,13 @@ belonging to various licenses.")
(define-public reuse
(package
(name "reuse")
- (version "0.13.0")
+ (version "0.14.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "reuse" version))
(sha256
- (base32 "00gqpw124lz6kf3gi6m2i1bnxp3k5n3id0bgqff0bj08jga7pj49"))))
+ (base32 "1q84qv982y67inqb67iy3r6z7339593w7zdaaxswjqxfrd1by7bp"))))
(build-system python-build-system)
(native-inputs
(list python-pytest python-setuptools-scm))
--
2.30.2
Information forwarded
to
guix-patches <at> gnu.org:
bug#53119; Package
guix-patches.
(Sat, 08 Jan 2022 23:21:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 53119 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
User: guix
Usertags: reviewed looks-good
(I'm experimenting with usertags)
Hi,
I verified the following:
* [x] it builds reproducibly on my machine (a x86_64) (using --
rounds=2)
$ guix hash --serializer=nar /gnu/store/ygjym1j7w9ds6siw11jy0c9dn8rkpmgf-reuse-0.14.0
> 1lpx92qs5k625wdc15akbdfapsl5yb1gqbgcq19skc2jgq6yqhz6
If you have x86_64, please check if you have the same result!
* [x] When I do "./pre-inst-env guix refresh -u reuse", I end up with
the same version and base32 as in your patch, so no ‘Tricking peer
review’-style issue seems to have happened .
Ignoring uid and file name prefix differences, the tarball from pypi
and https://github.com/fsfe/reuse-tool/archive/refs/tags/v0.14.0.tar.gz
are the same (using diffoscope), so no pypi compromise appears to have
happened.
* [x] The diff between the old and new version (using diffoscope) seems reasonable,
no malware appears to have crept in.
* [x] no dependents (using guix refresh -l), so no world-rebuild issues.
Seems ok to apply to me!
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#53119; Package
guix-patches.
(Sat, 08 Jan 2022 23:21:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 53119 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
User: guix
Usertags: reviewed looks-good
(I'm experimenting with usertags)
Hi,
I verified the following:
* [x] it builds reproducibly on my machine (a x86_64) (using --
rounds=2)
$ guix hash --serializer=nar /gnu/store/ygjym1j7w9ds6siw11jy0c9dn8rkpmgf-reuse-0.14.0
> 1lpx92qs5k625wdc15akbdfapsl5yb1gqbgcq19skc2jgq6yqhz6
If you have x86_64, please check if you have the same result!
* [x] When I do "./pre-inst-env guix refresh -u reuse", I end up with
the same version and base32 as in your patch, so no ‘Tricking peer
review’-style issue seems to have happened .
Ignoring uid and file name prefix differences, the tarball from pypi
and https://github.com/fsfe/reuse-tool/archive/refs/tags/v0.14.0.tar.gz
are the same (using diffoscope), so no pypi compromise appears to have
happened.
* [x] The diff between the old and new version (using diffoscope) seems reasonable,
no malware appears to have crept in.
* [x] no dependents (using guix refresh -l), so no world-rebuild issues.
Seems ok to apply to me!
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#53119; Package
guix-patches.
(Sun, 09 Jan 2022 08:54:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 53119 <at> debbugs.gnu.org (full text, mbox):
Hi Maxime,
On 1/9/22 00:19, Maxime Devos wrote:
> * [x] it builds reproducibly on my machine (a x86_64) (using --
> rounds=2)
>
> $ guix hash --serializer=nar /gnu/store/ygjym1j7w9ds6siw11jy0c9dn8rkpmgf-reuse-0.14.0
> > 1lpx92qs5k625wdc15akbdfapsl5yb1gqbgcq19skc2jgq6yqhz6
>
> If you have x86_64, please check if you have the same result!
I confirm that I get the same hash
1lpx92qs5k625wdc15akbdfapsl5yb1gqbgcq19skc2jgq6yqhz6
when I run your guix hash command.
Reply sent
to
Nicolas Goaziou <mail <at> nicolasgoaziou.fr>:
You have taken responsibility.
(Tue, 11 Jan 2022 09:43:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Felix Gruber <felgru <at> posteo.net>:
bug acknowledged by developer.
(Tue, 11 Jan 2022 09:43:02 GMT)
Full text and
rfc822 format available.
Message #19 received at 53119-done <at> debbugs.gnu.org (full text, mbox):
Hello
Felix Gruber <felgru <at> posteo.net> writes:
> Hi Maxime,
>
> On 1/9/22 00:19, Maxime Devos wrote:
>> * [x] it builds reproducibly on my machine (a x86_64) (using --
>> rounds=2)
>> $ guix hash --serializer=nar
>> /gnu/store/ygjym1j7w9ds6siw11jy0c9dn8rkpmgf-reuse-0.14.0
>> > 1lpx92qs5k625wdc15akbdfapsl5yb1gqbgcq19skc2jgq6yqhz6
>> If you have x86_64, please check if you have the same result!
>
> I confirm that I get the same hash
> 1lpx92qs5k625wdc15akbdfapsl5yb1gqbgcq19skc2jgq6yqhz6
> when I run your guix hash command.
Applied. Thank you for the patch, and thanks to Maxime for the thorough
review.
Regards,
--
Nicolas Goaziou
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Tue, 08 Feb 2022 12:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 2 years and 78 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.