mkrelease: explicitly use gzip for tarball generation #904

Open
wants to merge 1 commit into
base: main

vermeeren
Collaborator

Since git v2.38.0, the git archive tar.gz format default has changed from invoking gzip to an internal gzip compressor implementation. However, the output bitstream is not identical, meaning the resulting tar.gz archive's checksum is different. This causes problems for PGP signing.

In order to avoid this issue for both old and new archive generation alike, manually invoke gzip in the mkrelease script, bypassing git archive's internal compression logic completely regardless of version.

GitHub and others presumably use a similar method to deal with this change to keep old tag archive checksums from changing.

* git/git@4f4be00
* https://github.blog/changelog/2023-01-30-git-archive-checksums-may-change/
* https://github.com/orgs/community/discussions/45830
* bazel-contrib/SIG-rules-authors#11
@vermeeren linked an issue on Mar 31, 2023 that may be closed by this pull request
@vermeeren self-assigned this on Mar 31, 2023
@vermeeren added the labels regression (Something broke that worked in the past), packaging (Requirements, setup.py, etc), bug (Problem in existing code) and upstream (Issue in external software) on Mar 31, 2023
@vermeeren requested a review from michaeljones on March 31, 2023 20:18
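
The checksum problem described in the pull request, as an added example that is not code from this PR or from the mkrelease script: the same tar stream compressed by two different gzip encoders gives two different tar.gz checksums, and comparing digests of the decompressed tar tells a harmless recompression apart from a real content change. The file names, `compress_a`/`compress_b` and `compare_archives` are hypothetical, and two compression levels of Python's `gzip` module stand in (as an assumption) for the external gzip binary and git's internal compressor.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample tree (not files from the project).
SAMPLE_FILES = {
    "pkg/__init__.py": b"".join(b"value_%d = %d\n" % (i, i) for i in range(2000)),
    "README.rst": b"constructed sample release\n",
}

def make_tar(files):
    """Build a byte-for-byte reproducible tar from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = 0  # fixed timestamp keeps the tar stable
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()

# Assumption: two compression levels stand in for two gzip implementations.
def compress_a(tar_bytes):
    return gzip.compress(tar_bytes, compresslevel=9, mtime=0)

def compress_b(tar_bytes):
    return gzip.compress(tar_bytes, compresslevel=1, mtime=0)

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def compare_archives(a_gz, b_gz):
    """Classify why two .tar.gz files do or do not share a checksum."""
    if sha256(a_gz) == sha256(b_gz):
        return "identical"
    if sha256(gzip.decompress(a_gz)) == sha256(gzip.decompress(b_gz)):
        return "recompressed"  # same tar, different gzip bitstream
    return "content-changed"   # the archived files themselves differ

if __name__ == "__main__":
    tar = make_tar(SAMPLE_FILES)
    old, new = compress_a(tar), compress_b(tar)
    print(sha256(old), sha256(new), compare_archives(old, new))
```

A detached signature made over the compressed file fails to verify in the "recompressed" case even though the archived files are unchanged, which is why pinning one compressor keeps the release checksum stable.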
Collaborator

@michaeljones left a comment

Looks good to me. Thanks for handling it!

Successfully merging this pull request may close these issues.

No signature for the 4.35.0 release