diff mbox series

[1/1] package/python-ruamel-yaml: bump to version 0.18.5

Message ID 20240111053157.2928259-1-james.hilliard1@gmail.com
State Changes Requested
Headers show
Series [1/1] package/python-ruamel-yaml: bump to version 0.18.5 | expand

Commit Message

James Hilliard Jan. 11, 2024, 5:31 a.m. UTC 
License hash changed due to year update:
https://sourceforge.net/p/ruamel-yaml/code/ci/56b3e2666fb275deab3eec99193c103e4edf93bb/

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
---
 package/python-ruamel-yaml/python-ruamel-yaml.hash | 6 +++---
 package/python-ruamel-yaml/python-ruamel-yaml.mk   | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

Comments

Peter Korsgaard Feb. 5, 2024, 11:39 a.m. UTC | #1 
>>>>> "James" == James Hilliard <james.hilliard1@gmail.com> writes:

 > License hash changed due to year update:
 > https://sourceforge.net/p/ruamel-yaml/code/ci/56b3e2666fb275deab3eec99193c103e4edf93bb/

 > Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
 > ---
 >  package/python-ruamel-yaml/python-ruamel-yaml.hash | 6 +++---
 >  package/python-ruamel-yaml/python-ruamel-yaml.mk   | 4 ++--
 >  2 files changed, 5 insertions(+), 5 deletions(-)

 > diff --git a/package/python-ruamel-yaml/python-ruamel-yaml.hash b/package/python-ruamel-yaml/python-ruamel-yaml.hash
 > index 29852a51ed..7b5dc1e29a 100644
 > --- a/package/python-ruamel-yaml/python-ruamel-yaml.hash
 > +++ b/package/python-ruamel-yaml/python-ruamel-yaml.hash
 > @@ -1,5 +1,5 @@
 >  # md5, sha256 from https://pypi.org/pypi/rfc3987/json
 > -md5  206bda0f33ab2c2f63777636200748b7  ruamel.yaml-0.17.21.tar.gz
 > -sha256  8b7ce697a2f212752a35c1ac414471dc16c424c9573be4926b56ff3f5d23b7af  ruamel.yaml-0.17.21.tar.gz
 > +md5  24fac3544a3c7bd7eeaf6e4f704a056e  ruamel.yaml-0.18.5.tar.gz
 > +sha256  ba45629abb7022949148ce65de4a59e7ee164d30c94450389a6afdd3ebe4e9e0  ruamel.yaml-0.18.5.tar.gz


Hmm, I get a different hash:

ruamel.yaml-0.18.5.tar.gz: OK (md5: 24fac3544a3c7bd7eeaf6e4f704a056e)
ERROR: while checking hashes from package/python-ruamel-yaml//python-ruamel-yaml.hash
ERROR: ruamel.yaml-0.18.5.tar.gz has wrong sha256 hash:
ERROR: expected: ba45629abb7022949148ce65de4a59e7ee164d30c94450389a6afdd3ebe4e9e0
ERROR: got     : 61917e3a35a569c1133a8f772e1226961bf5a1198bea7e23f06a0841dea1ab0e
ERROR: Incomplete download, or man-in-the-middle (MITM) attack

Any ideas?
Marcus Hoffmann Feb. 5, 2024, 1:18 p.m. UTC | #2 
Hi Peter, James

On 05.02.24 12:39, Peter Korsgaard wrote:
>>>>>> "James" == James Hilliard <james.hilliard1@gmail.com> writes:
> 
>   > License hash changed due to year update:
>   > https://sourceforge.net/p/ruamel-yaml/code/ci/56b3e2666fb275deab3eec99193c103e4edf93bb/
> 
>   > Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
>   > ---
>   >  package/python-ruamel-yaml/python-ruamel-yaml.hash | 6 +++---
>   >  package/python-ruamel-yaml/python-ruamel-yaml.mk   | 4 ++--
>   >  2 files changed, 5 insertions(+), 5 deletions(-)
> 
>   > diff --git a/package/python-ruamel-yaml/python-ruamel-yaml.hash b/package/python-ruamel-yaml/python-ruamel-yaml.hash
>   > index 29852a51ed..7b5dc1e29a 100644
>   > --- a/package/python-ruamel-yaml/python-ruamel-yaml.hash
>   > +++ b/package/python-ruamel-yaml/python-ruamel-yaml.hash
>   > @@ -1,5 +1,5 @@
>   >  # md5, sha256 from https://pypi.org/pypi/rfc3987/json

I think this comment is pointing to the wrong package, maybe some 
automation went wrong because of that?

>   > -md5  206bda0f33ab2c2f63777636200748b7  ruamel.yaml-0.17.21.tar.gz
>   > -sha256  8b7ce697a2f212752a35c1ac414471dc16c424c9573be4926b56ff3f5d23b7af  ruamel.yaml-0.17.21.tar.gz
>   > +md5  24fac3544a3c7bd7eeaf6e4f704a056e  ruamel.yaml-0.18.5.tar.gz
>   > +sha256  ba45629abb7022949148ce65de4a59e7ee164d30c94450389a6afdd3ebe4e9e0  ruamel.yaml-0.18.5.tar.gz
> 
> 
> Hmm, I get a different hash:
> 
> ruamel.yaml-0.18.5.tar.gz: OK (md5: 24fac3544a3c7bd7eeaf6e4f704a056e)
> ERROR: while checking hashes from package/python-ruamel-yaml//python-ruamel-yaml.hash
> ERROR: ruamel.yaml-0.18.5.tar.gz has wrong sha256 hash:
> ERROR: expected: ba45629abb7022949148ce65de4a59e7ee164d30c94450389a6afdd3ebe4e9e0
> ERROR: got     : 61917e3a35a569c1133a8f772e1226961bf5a1198bea7e23f06a0841dea1ab0e

This is the correct one according to https://pypi.org/project/ruamel.yaml/

> ERROR: Incomplete download, or man-in-the-middle (MITM) attack
> 
> Any ideas?
> 

Marcus
James Hilliard Feb. 5, 2024, 4:32 p.m. UTC | #3 
On Mon, Feb 5, 2024 at 4:39 AM Peter Korsgaard <peter@korsgaard.com> wrote:
>
> >>>>> "James" == James Hilliard <james.hilliard1@gmail.com> writes:
>
>  > License hash changed due to year update:
>  > https://sourceforge.net/p/ruamel-yaml/code/ci/56b3e2666fb275deab3eec99193c103e4edf93bb/
>
>  > Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
>  > ---
>  >  package/python-ruamel-yaml/python-ruamel-yaml.hash | 6 +++---
>  >  package/python-ruamel-yaml/python-ruamel-yaml.mk   | 4 ++--
>  >  2 files changed, 5 insertions(+), 5 deletions(-)
>
>  > diff --git a/package/python-ruamel-yaml/python-ruamel-yaml.hash b/package/python-ruamel-yaml/python-ruamel-yaml.hash
>  > index 29852a51ed..7b5dc1e29a 100644
>  > --- a/package/python-ruamel-yaml/python-ruamel-yaml.hash
>  > +++ b/package/python-ruamel-yaml/python-ruamel-yaml.hash
>  > @@ -1,5 +1,5 @@
>  >  # md5, sha256 from https://pypi.org/pypi/rfc3987/json
>  > -md5  206bda0f33ab2c2f63777636200748b7  ruamel.yaml-0.17.21.tar.gz
>  > -sha256  8b7ce697a2f212752a35c1ac414471dc16c424c9573be4926b56ff3f5d23b7af  ruamel.yaml-0.17.21.tar.gz
>  > +md5  24fac3544a3c7bd7eeaf6e4f704a056e  ruamel.yaml-0.18.5.tar.gz
>  > +sha256  ba45629abb7022949148ce65de4a59e7ee164d30c94450389a6afdd3ebe4e9e0  ruamel.yaml-0.18.5.tar.gz
>
>
> Hmm, I get a different hash:
>
> ruamel.yaml-0.18.5.tar.gz: OK (md5: 24fac3544a3c7bd7eeaf6e4f704a056e)
> ERROR: while checking hashes from package/python-ruamel-yaml//python-ruamel-yaml.hash
> ERROR: ruamel.yaml-0.18.5.tar.gz has wrong sha256 hash:
> ERROR: expected: ba45629abb7022949148ce65de4a59e7ee164d30c94450389a6afdd3ebe4e9e0
> ERROR: got     : 61917e3a35a569c1133a8f772e1226961bf5a1198bea7e23f06a0841dea1ab0e
> ERROR: Incomplete download, or man-in-the-middle (MITM) attack

Looks like I typo'd the package hash(copy pasted license hash to
package hash), fixed in v2:
https://patchwork.ozlabs.org/project/buildroot/patch/20240205163024.500599-1-james.hilliard1@gmail.com/

>
> Any ideas?
>
> --
> Bye, Peter Korsgaard
diff mbox series

Patch

diff --git a/package/python-ruamel-yaml/python-ruamel-yaml.hash b/package/python-ruamel-yaml/python-ruamel-yaml.hash
index 29852a51ed..7b5dc1e29a 100644
--- a/package/python-ruamel-yaml/python-ruamel-yaml.hash
+++ b/package/python-ruamel-yaml/python-ruamel-yaml.hash
@@ -1,5 +1,5 @@ 
 # md5, sha256 from https://pypi.org/pypi/rfc3987/json
-md5  206bda0f33ab2c2f63777636200748b7  ruamel.yaml-0.17.21.tar.gz
-sha256  8b7ce697a2f212752a35c1ac414471dc16c424c9573be4926b56ff3f5d23b7af  ruamel.yaml-0.17.21.tar.gz
+md5  24fac3544a3c7bd7eeaf6e4f704a056e  ruamel.yaml-0.18.5.tar.gz
+sha256  ba45629abb7022949148ce65de4a59e7ee164d30c94450389a6afdd3ebe4e9e0  ruamel.yaml-0.18.5.tar.gz
 # Locally computed sha256 checksums
-sha256  ab837b032c5aae84503fc0c733a116a26fd272e90dc4402fa68d3c9e51aed3b0  LICENSE
+sha256  ba45629abb7022949148ce65de4a59e7ee164d30c94450389a6afdd3ebe4e9e0  LICENSE
diff --git a/package/python-ruamel-yaml/python-ruamel-yaml.mk b/package/python-ruamel-yaml/python-ruamel-yaml.mk
index a6fed3bc2c..bbdac591ca 100644
--- a/package/python-ruamel-yaml/python-ruamel-yaml.mk
+++ b/package/python-ruamel-yaml/python-ruamel-yaml.mk
@@ -4,9 +4,9 @@ 
 #
 ################################################################################
 
-PYTHON_RUAMEL_YAML_VERSION = 0.17.21
+PYTHON_RUAMEL_YAML_VERSION = 0.18.5
 PYTHON_RUAMEL_YAML_SOURCE = ruamel.yaml-$(PYTHON_RUAMEL_YAML_VERSION).tar.gz
-PYTHON_RUAMEL_YAML_SITE = https://files.pythonhosted.org/packages/46/a9/6ed24832095b692a8cecc323230ce2ec3480015fbfa4b79941bd41b23a3c
+PYTHON_RUAMEL_YAML_SITE = https://files.pythonhosted.org/packages/82/43/fa976e03a4a9ae406904489119cd7dd4509752ca692b2e0a19491ca1782c
 PYTHON_RUAMEL_YAML_SETUP_TYPE = setuptools
 PYTHON_RUAMEL_YAML_LICENSE = MIT
 PYTHON_RUAMEL_YAML_LICENSE_FILES = LICENSE