Message ID | 20240111053157.2928259-1-james.hilliard1@gmail.com |
---|---|
State | Changes Requested |
Headers | show |
Series | [1/1] package/python-ruamel-yaml: bump to version 0.18.5 | expand |
>>>>> "James" == James Hilliard <james.hilliard1@gmail.com> writes: > License hash changed due to year update: > https://sourceforge.net/p/ruamel-yaml/code/ci/56b3e2666fb275deab3eec99193c103e4edf93bb/ > Signed-off-by: James Hilliard <james.hilliard1@gmail.com> > --- > package/python-ruamel-yaml/python-ruamel-yaml.hash | 6 +++--- > package/python-ruamel-yaml/python-ruamel-yaml.mk | 4 ++-- > 2 files changed, 5 insertions(+), 5 deletions(-) > diff --git a/package/python-ruamel-yaml/python-ruamel-yaml.hash b/package/python-ruamel-yaml/python-ruamel-yaml.hash > index 29852a51ed..7b5dc1e29a 100644 > --- a/package/python-ruamel-yaml/python-ruamel-yaml.hash > +++ b/package/python-ruamel-yaml/python-ruamel-yaml.hash > @@ -1,5 +1,5 @@ > # md5, sha256 from https://pypi.org/pypi/rfc3987/json > -md5 206bda0f33ab2c2f63777636200748b7 ruamel.yaml-0.17.21.tar.gz > -sha256 8b7ce697a2f212752a35c1ac414471dc16c424c9573be4926b56ff3f5d23b7af ruamel.yaml-0.17.21.tar.gz > +md5 24fac3544a3c7bd7eeaf6e4f704a056e ruamel.yaml-0.18.5.tar.gz > +sha256 ba45629abb7022949148ce65de4a59e7ee164d30c94450389a6afdd3ebe4e9e0 ruamel.yaml-0.18.5.tar.gz Hmm, I get a different hash: ruamel.yaml-0.18.5.tar.gz: OK (md5: 24fac3544a3c7bd7eeaf6e4f704a056e) ERROR: while checking hashes from package/python-ruamel-yaml//python-ruamel-yaml.hash ERROR: ruamel.yaml-0.18.5.tar.gz has wrong sha256 hash: ERROR: expected: ba45629abb7022949148ce65de4a59e7ee164d30c94450389a6afdd3ebe4e9e0 ERROR: got : 61917e3a35a569c1133a8f772e1226961bf5a1198bea7e23f06a0841dea1ab0e ERROR: Incomplete download, or man-in-the-middle (MITM) attack Any ideas?
Hi Peter, James On 05.02.24 12:39, Peter Korsgaard wrote: >>>>>> "James" == James Hilliard <james.hilliard1@gmail.com> writes: > > > License hash changed due to year update: > > https://sourceforge.net/p/ruamel-yaml/code/ci/56b3e2666fb275deab3eec99193c103e4edf93bb/ > > > Signed-off-by: James Hilliard <james.hilliard1@gmail.com> > > --- > > package/python-ruamel-yaml/python-ruamel-yaml.hash | 6 +++--- > > package/python-ruamel-yaml/python-ruamel-yaml.mk | 4 ++-- > > 2 files changed, 5 insertions(+), 5 deletions(-) > > > diff --git a/package/python-ruamel-yaml/python-ruamel-yaml.hash b/package/python-ruamel-yaml/python-ruamel-yaml.hash > > index 29852a51ed..7b5dc1e29a 100644 > > --- a/package/python-ruamel-yaml/python-ruamel-yaml.hash > > +++ b/package/python-ruamel-yaml/python-ruamel-yaml.hash > > @@ -1,5 +1,5 @@ > > # md5, sha256 from https://pypi.org/pypi/rfc3987/json I think this comment is pointing to the wrong package, maybe some automation went wrong because of that? > > -md5 206bda0f33ab2c2f63777636200748b7 ruamel.yaml-0.17.21.tar.gz > > -sha256 8b7ce697a2f212752a35c1ac414471dc16c424c9573be4926b56ff3f5d23b7af ruamel.yaml-0.17.21.tar.gz > > +md5 24fac3544a3c7bd7eeaf6e4f704a056e ruamel.yaml-0.18.5.tar.gz > > +sha256 ba45629abb7022949148ce65de4a59e7ee164d30c94450389a6afdd3ebe4e9e0 ruamel.yaml-0.18.5.tar.gz > > > Hmm, I get a different hash: > > ruamel.yaml-0.18.5.tar.gz: OK (md5: 24fac3544a3c7bd7eeaf6e4f704a056e) > ERROR: while checking hashes from package/python-ruamel-yaml//python-ruamel-yaml.hash > ERROR: ruamel.yaml-0.18.5.tar.gz has wrong sha256 hash: > ERROR: expected: ba45629abb7022949148ce65de4a59e7ee164d30c94450389a6afdd3ebe4e9e0 > ERROR: got : 61917e3a35a569c1133a8f772e1226961bf5a1198bea7e23f06a0841dea1ab0e This is the correct one according to https://pypi.org/project/ruamel.yaml/ > ERROR: Incomplete download, or man-in-the-middle (MITM) attack > > Any ideas? > Marcus
On Mon, Feb 5, 2024 at 4:39 AM Peter Korsgaard <peter@korsgaard.com> wrote: > > >>>>> "James" == James Hilliard <james.hilliard1@gmail.com> writes: > > > License hash changed due to year update: > > https://sourceforge.net/p/ruamel-yaml/code/ci/56b3e2666fb275deab3eec99193c103e4edf93bb/ > > > Signed-off-by: James Hilliard <james.hilliard1@gmail.com> > > --- > > package/python-ruamel-yaml/python-ruamel-yaml.hash | 6 +++--- > > package/python-ruamel-yaml/python-ruamel-yaml.mk | 4 ++-- > > 2 files changed, 5 insertions(+), 5 deletions(-) > > > diff --git a/package/python-ruamel-yaml/python-ruamel-yaml.hash b/package/python-ruamel-yaml/python-ruamel-yaml.hash > > index 29852a51ed..7b5dc1e29a 100644 > > --- a/package/python-ruamel-yaml/python-ruamel-yaml.hash > > +++ b/package/python-ruamel-yaml/python-ruamel-yaml.hash > > @@ -1,5 +1,5 @@ > > # md5, sha256 from https://pypi.org/pypi/rfc3987/json > > -md5 206bda0f33ab2c2f63777636200748b7 ruamel.yaml-0.17.21.tar.gz > > -sha256 8b7ce697a2f212752a35c1ac414471dc16c424c9573be4926b56ff3f5d23b7af ruamel.yaml-0.17.21.tar.gz > > +md5 24fac3544a3c7bd7eeaf6e4f704a056e ruamel.yaml-0.18.5.tar.gz > > +sha256 ba45629abb7022949148ce65de4a59e7ee164d30c94450389a6afdd3ebe4e9e0 ruamel.yaml-0.18.5.tar.gz > > > Hmm, I get a different hash: > > ruamel.yaml-0.18.5.tar.gz: OK (md5: 24fac3544a3c7bd7eeaf6e4f704a056e) > ERROR: while checking hashes from package/python-ruamel-yaml//python-ruamel-yaml.hash > ERROR: ruamel.yaml-0.18.5.tar.gz has wrong sha256 hash: > ERROR: expected: ba45629abb7022949148ce65de4a59e7ee164d30c94450389a6afdd3ebe4e9e0 > ERROR: got : 61917e3a35a569c1133a8f772e1226961bf5a1198bea7e23f06a0841dea1ab0e > ERROR: Incomplete download, or man-in-the-middle (MITM) attack Looks like I typo'd the package hash(copy pasted license hash to package hash), fixed in v2: https://patchwork.ozlabs.org/project/buildroot/patch/20240205163024.500599-1-james.hilliard1@gmail.com/ > > Any ideas? > > -- > Bye, Peter Korsgaard
diff --git a/package/python-ruamel-yaml/python-ruamel-yaml.hash b/package/python-ruamel-yaml/python-ruamel-yaml.hash index 29852a51ed..7b5dc1e29a 100644 --- a/package/python-ruamel-yaml/python-ruamel-yaml.hash +++ b/package/python-ruamel-yaml/python-ruamel-yaml.hash @@ -1,5 +1,5 @@ # md5, sha256 from https://pypi.org/pypi/rfc3987/json -md5 206bda0f33ab2c2f63777636200748b7 ruamel.yaml-0.17.21.tar.gz -sha256 8b7ce697a2f212752a35c1ac414471dc16c424c9573be4926b56ff3f5d23b7af ruamel.yaml-0.17.21.tar.gz +md5 24fac3544a3c7bd7eeaf6e4f704a056e ruamel.yaml-0.18.5.tar.gz +sha256 ba45629abb7022949148ce65de4a59e7ee164d30c94450389a6afdd3ebe4e9e0 ruamel.yaml-0.18.5.tar.gz # Locally computed sha256 checksums -sha256 ab837b032c5aae84503fc0c733a116a26fd272e90dc4402fa68d3c9e51aed3b0 LICENSE +sha256 ba45629abb7022949148ce65de4a59e7ee164d30c94450389a6afdd3ebe4e9e0 LICENSE diff --git a/package/python-ruamel-yaml/python-ruamel-yaml.mk b/package/python-ruamel-yaml/python-ruamel-yaml.mk index a6fed3bc2c..bbdac591ca 100644 --- a/package/python-ruamel-yaml/python-ruamel-yaml.mk +++ b/package/python-ruamel-yaml/python-ruamel-yaml.mk @@ -4,9 +4,9 @@ # ################################################################################ -PYTHON_RUAMEL_YAML_VERSION = 0.17.21 +PYTHON_RUAMEL_YAML_VERSION = 0.18.5 PYTHON_RUAMEL_YAML_SOURCE = ruamel.yaml-$(PYTHON_RUAMEL_YAML_VERSION).tar.gz -PYTHON_RUAMEL_YAML_SITE = https://files.pythonhosted.org/packages/46/a9/6ed24832095b692a8cecc323230ce2ec3480015fbfa4b79941bd41b23a3c +PYTHON_RUAMEL_YAML_SITE = https://files.pythonhosted.org/packages/82/43/fa976e03a4a9ae406904489119cd7dd4509752ca692b2e0a19491ca1782c PYTHON_RUAMEL_YAML_SETUP_TYPE = setuptools PYTHON_RUAMEL_YAML_LICENSE = MIT PYTHON_RUAMEL_YAML_LICENSE_FILES = LICENSE
License hash changed due to year update: https://sourceforge.net/p/ruamel-yaml/code/ci/56b3e2666fb275deab3eec99193c103e4edf93bb/ Signed-off-by: James Hilliard <james.hilliard1@gmail.com> --- package/python-ruamel-yaml/python-ruamel-yaml.hash | 6 +++--- package/python-ruamel-yaml/python-ruamel-yaml.mk | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-)