[Buildroot] [PATCH 1/6] python-urwid: bump version and add checksums
Christophe Vu-Brugier
cvubrugier at fastmail.fm
Tue Sep 1 11:37:54 UTC 2015
Hi Baruch,
Thank you for your review!
On Tue, 1 Sep 2015 13:08:16 +0300, Baruch Siach wrote :
> On Tue, Sep 01, 2015 at 10:10:27AM +0200, Christophe Vu-Brugier wrote:
> > Signed-off-by: Christophe Vu-Brugier <cvubrugier at fastmail.fm>
> > ---
> > package/python-urwid/python-urwid.hash | 3 +++
> > package/python-urwid/python-urwid.mk | 2 +-
> > 2 files changed, 4 insertions(+), 1 deletion(-)
> > create mode 100644 package/python-urwid/python-urwid.hash
> >
> > diff --git a/package/python-urwid/python-urwid.hash b/package/python-urwid/python-urwid.hash
> > new file mode 100644
> > index 0000000..2b18082
> > --- /dev/null
> > +++ b/package/python-urwid/python-urwid.hash
> > @@ -0,0 +1,3 @@
> > +# md from https://pypi.python.org/pypi?:action=show_md5&digest=a989acd54f4ff1a554add464803a9175, sha256 locally computed
>
> This is weird. You put the MD5 in the URL to retrieve the same MD5? Is there a
> way to lookup the MD5 using the package name? If not, I guess that
> https://pypi.python.org/pypi/urwid/1.3.0 would be good enough.
I noticed that other packages downloaded from PyPI (e.g. python-tornado,
python-requests) have the same header in their hash file and decided to
do the same.
I am not aware of a way to lookup the checksum from the package name.
The only association I see between a package name and its checksum is
the URL to download a package from PyPI. For instance:
https://pypi.python.org/packages/source/u/urwid/urwid-1.3.0.tar.gz#md5=a989acd54f4ff1a554add464803a9175
The "show_md5" action displays the MD5 if it is known. For instance :
https://pypi.python.org/pypi?:action=show_md5&digest=a989acd54f4ff1a554add464803a9175
displays a989acd54f4ff1a554add464803a9175
Whereas
https://pypi.python.org/pypi?:action=show_md5&digest=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
displays 404 not found
Anyway, I am OK with using https://pypi.python.org/pypi/urwid/1.3.0 or
https://pypi.python.org/packages/source/u/urwid/urwid-1.3.0.tar.gz#md5=a989acd54f4ff1a554add464803a9175
if you prefer.
What do other developers think? What is the best header for the hash
file of a PyPI package?
With best regards,
--
Christophe Vu-Brugier
More information about the buildroot
mailing list