svn fetch multiple directories
Mojca Miklavec
mojca at macports.org
Tue Oct 14 04:30:35 PDT 2014
On Tue, Oct 14, 2014 at 4:51 PM, Clemens Lang <cal at macports.org> wrote:
> Hi,
>
> ----- On 14 Oct, 2014, at 08:39, Mojca Miklavec mojca at macports.org wrote:
>
>> - One could fetch files from SVN, zip them, checksum the zip, store
>> the zip as if the zip was fetched from elsewhere and just unzip that
>> file during the repeated installation. Fetching from SVN doesn't mean
>> that we cannot use checksums and other benefits.
>
> That only holds true if zip doesn't have any side effects, like storing
> the creation date or similar.
Yes, some care needs to be taken, but I'm sure that something is feasible.
A while ago I played with git and found a way to do tar.gz/bz/xz files
in a reproducible way. This also means that fetching from GIT (and
probably from SVN as well) could still lead to .tar.gz files being
available on the mirrors.
SVN might(?) need some touching of folders to make sure that
timestamps are not off, but that's pure speculation.
> I'd rather propose to add a checksum using the method outlined in the
> SPDX specification, version 1.2, section 4.7 [1] (which is basically a
> hash of the concatenation of a sorted list of hashes of files in a
> package).
>
>
> [1] http://spdx.org/sites/spdx/files/spdx-1%202.pdf
The drawback would be that one would have to extract files and
checksum all the files before being able to tell whether the file is
OK.
Either way, my point was that there is absolutely no need to keep
avoiding SVN just because "we cannot do any checksums".
Mojca
More information about the macports-dev
mailing list