ports/189666: devel/py-demjson: unfetchable due to rerolled tarball

Bartłomiej Rutkowski r at robakdesign.com
Mon May 26 23:04:53 UTC 2014 

Wiadomość napisana przez John Marino <freebsd.contact at marino.st> w dniu 26 maj 2014, o godz. 22:40:

> On 5/26/2014 22:31, Bartłomiej Rutkowski wrote:
>> 
>> Wiadomość napisana przez Bartłomiej Rutkowski <r at robakdesign.com> w dniu 26 maj 2014, o godz. 22:23:
>> 
>>> 
>>> Wiadomość napisana przez John Marino <freebsd.contact at marino.st> w dniu 26 maj 2014, o godz. 22:18:
>>> 
>>>> On 5/26/2014 22:12, Bartłomiej Rutkowski wrote:
>>>>> SHA256 (demjson-2.0.tar.gz) = 24f638daa0c28a9d44db2282d46ea3edfd4c7d11a656e38677b741620bf1483d
>>>>> SIZE (demjson-2.0.tar.gz) = 115914
>>>>> 
>>>>> what perfectly matches what the author says it should be. I've asked him if he can check his release system and distfiles providers to see if he can spot any changes and if he can by any chance match our sum/size that's incorrect to anything around there.
>>>>> 
>>>>> Any chance you or anyone else have the 'bad' distfiles available on their system for inspection?
>>>> 
>>>> I have the original 2.0 (One of the ones upstream says never existed):
>>>> http://muscles.dragonflybsd.org/misc/demjson-2.0.tar.gz
>>>> 189103 May 26 13:15 demjson-2.0.tar.gz
>>>> 
>>>> So 2.0 built once, but then the distfile changed not once but twice and
>>>> the 115k version is the at least the 3rd iteration.  I never got the
>>>> intermediate iteration.
>>>> 
>>>> Regards,
>>>> John
>>>> 
>>> 
>>> Thanks - I've passed that to the author and I am waiting for his thoughts on what's happening here. I'll inspect the distfile on my own as soon as possible, most probably tomorrow - I'll update you if I find anything.
>>> 
>>> Kind regards,
>>> Bartek Rutkowski
>> 
>> John, would you still have the logs showing from which distribution channgel this file was fetched on your system? That would help to figure out what's happening, if we could track down where it is happening. 
>> 
>> So far the author said your distfile 'looks like his code with some additional debug files included, that should not be there'.
>> 
> 
> This is the distinfo file that is *currently* listed in the port:
> http://www.freshports.org/devel/py-demjson
> http://svnweb.freebsd.org/ports/head/devel/py-demjson/distinfo?revision=353206&view=co
> 
> it was introduced by you:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/189442
> 
> It was the standard "make fetch" command that retrieved it.
> I may or may not have a log, I don't think it will be interesting.  It
> came from the MASTER_SITES.  It clearly was distributed by upstream.
> Somebody's left hand isn't talking to their right hand.
> 
> John

Here's the final explanation from the author:

***
This almost certainly was an unintentional error on my part when interacting with the PyPI repository.  A pre-release snapshot must have somehow gotten published just prior to the final version being uploaded.

I think this may have been due to Python's MANIFEST.in using wildcards and picking up some stray working copies of files that were not part of the official distribution.  There may have been 2 or 3 minutes between the pypi register step and the file upload step during which time an incorrect version may have appeared in the index ... though PyPI doesn't seem to provide any way for me to look at the history in enough detail to know for sure.

I am prepared to make version 2.0.1
***

I've asked him for confirmation if what's up there now (24f638daa0c28a9d44db2282d46ea3edfd4c7d11a656e38677b741620bf1483d) is what he wants it to be, and it if is, then we'll get distfiles fixed, hopefully, for the last time, as I've also asked him for caution when releasing the code and at least minor version bumps, when he wants to push anything new. He's been very cooperative so far.

Kind regards,
Bartek Rutkowski

More information about the freebsd-python mailing list