Re: [ptxdist] [PATCH 1/2] python3-gunicorn: new package

[Bruno Thomsen <bruno.thomsen@gmail.com>]

Den fre. 13. maj 2022 kl. 09.15 skrev Michael Olbrich
<m.olbrich@pengutronix.de>:
>
> On Mon, May 09, 2022 at 02:05:47PM +0200, Bruno Thomsen wrote:
> > Gunicorn 'Green Unicorn' is a Python WSGI HTTP Server for UNIX.
> >
> > Requirement for python3-falcon package.
> >
> > Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
> > ---
> >  rules/python3-gunicorn.in   | 11 +++++++
> >  rules/python3-gunicorn.make | 57 +++++++++++++++++++++++++++++++++++++
> >  2 files changed, 68 insertions(+)
> >  create mode 100644 rules/python3-gunicorn.in
> >  create mode 100644 rules/python3-gunicorn.make

> > +# Paths and names
> > +#
> > +PYTHON3_GUNICORN_VERSION     := 20.1.0
> > +PYTHON3_GUNICORN_MD5         := ac6254576d53c2ede3456561af3f0549
>
> ptxdist: error: Wrong md5sum for 'python3-gunicorn' (.../src/gunicorn-20.1.0.tar.gz)
>
> What's going on here?
>

Hi Michael,

That is strange so I will dig deeper into this.

Our 3rd party dependencies are stored in a maven repository so I can
easily go back and get the old hash file.

ac6254576d53c2ede3456561af3f0549:
Downloaded from ptx/mirror-pypi 4/4-22.

db8a7c5c2064000af70286534803bf1d:
Downloaded from ptx/mirror-pypi 14/5-22.

----------------8<-----------------------------

ls -l
total 724
drwxrwxr-x. 7 bruno bruno   4096 12 feb  2021
gunicorn-20.1.0.ac6254576d53c2ede3456561af3f0549
drwxr-xr-x. 7 bruno bruno   4096 27 mar  2021
gunicorn-20.1.0.db8a7c5c2064000af70286534803bf1d
-rw-r--r--. 1 bruno bruno 354960 14 maj 11:55
gunicorn-20.1.0.tar.gz.ac6254576d53c2ede3456561af3f0549
-rw-r--r--. 1 bruno bruno 370601 14 maj 11:55
gunicorn-20.1.0.tar.gz.db8a7c5c2064000af70286534803bf1d

----------------8<-----------------------------

Something has changed in the file even if it's the same package version.
The new file is around 15K bigger then the old one.

Let's locate added/removed/changed files.

----------------8<-----------------------------

cd gunicorn-20.1.0.ac6254576d53c2ede3456561af3f0549/; find . -type f
-exec md5sum {} + | awk '{print $2 " " $1}' | sort > ../ac62.log; cd -
cd gunicorn-20.1.0.db8a7c5c2064000af70286534803bf1d/; find . -type f
-exec md5sum {} + | awk '{print $2 " " $1}' | sort > ../db8a.log; cd -

diff -u --color ac62.log db8a.log
--- ac62.log 2022-05-14 12:24:23.879695053 +0200
+++ db8a.log 2022-05-14 12:24:29.658740539 +0200
@@ -1,5 +1,3 @@
-./appveyor.yml bf726b6d38fe739d0ce85347b6920b1a
-./CONTRIBUTING.md c90900532ee96f9f0628996678ad847e
 ./docs/gunicorn_ext.py 92e1e306d274bc426936d7d869c83e24
 ./docs/logo/gunicorn.png 2f1ea5be10f85687cf3aa18c2c8630d4
 ./docs/logo/gunicorn.svg a3a7ea42b3244422f7a893e7e79300ee
@@ -138,6 +136,13 @@
 ./gunicorn/arbiter.py 21989aa239bcb2e08b82937d694372fc
 ./gunicorn/config.py 497e9a051d2b578fb4da7f4f0e1b80ad
 ./gunicorn/debug.py 380b0787c429aa7b9e4982f0f40c5a5a
+./gunicorn.egg-info/dependency_links.txt 68b329da9893e34099c7d8ad5cb9c940
+./gunicorn.egg-info/entry_points.txt 99220ac82ecf0327be9a9408bb4e7264
+./gunicorn.egg-info/not-zip-safe 68b329da9893e34099c7d8ad5cb9c940
+./gunicorn.egg-info/PKG-INFO 2cc0989287a8ec45c837c23386a7e5fc
+./gunicorn.egg-info/requires.txt 432b975e80c2fd6a8a90fa9656cf3f59
+./gunicorn.egg-info/SOURCES.txt 802689c49aa6bb426dba36c9fbcd904f
+./gunicorn.egg-info/top_level.txt b4e582fbec7d7ee5253b0afcf4063449
 ./gunicorn/errors.py ed93944e0b91e1546220686e9ce983bb
 ./gunicorn/glogging.py 015ea63387d08f09e4ef6cbaadf171d3
 ./gunicorn/http/body.py 175b02e961bc2f81adaaa07a6f95c6eb
@@ -166,16 +171,13 @@
 ./gunicorn/workers/sync.py 659cb0f8197a0916c9ec5a2b9ce49a3e
 ./gunicorn/workers/workertmp.py 4d961797f72bc61868b2e218fbf9857f
 ./LICENSE f75f3fb94cdeab1d607e2adaa6077752
-./MAINTAINERS dfbfe4c49e8a0e2835b5a6e0305d1719
-./Makefile f655c000182827cff72803ac4e6be357
 ./MANIFEST.in ea4e22f5a74bd4b6039ba6840f27a47c
 ./NOTICE 4ff3dba58ace0076580106c9f300ae68
-./.pylintrc ec0d83fb315bf216c6e2fff9434bcc78
+./PKG-INFO 2cc0989287a8ec45c837c23386a7e5fc
 ./README.rst 99bc9aa2bc6875dc46d65beb8f0fb1ae
 ./requirements_dev.txt b553389a8cf923276becc7faed4b4899
 ./requirements_test.txt a1677998f8d772c35e48601cfb885a43
-./scripts/update_thanks.py bd9c215fe3200edf433f2a68a1167440
-./setup.cfg 837af3a24e0c3f201c4a81226bb019bf
+./setup.cfg 2d3f98eaab1812a5edd280bb18f243d3
 ./setup.py a748b86c25e165c86175ce6d2d1b6dfa
 ./tests/config/__init__.py d41d8cd98f00b204e9800998ecf8427e
 ./tests/config/test_cfg_alt.py 284d27ff498c3badae9f164550c0fed7
@@ -315,5 +317,3 @@
 ./tests/workers/test_geventlet.py 5cbb5945a1a816d26af38e012a250bae
 ./tests/workers/test_ggevent.py 7bd10538d8df95c35c0da1ea20b44b63
 ./THANKS 4d2ec48c381175c4f003309016691eae
-./tox.ini d4ce66c531dded8c8403fdad1cfbc858
-./.travis.yml ec6cb8c8410da9f824195880f9306ecb

----------------8<-----------------------------

So some egg and pkg info has been added and some CI has
been removed. Let's look into the setup.cfg as that might be
the most interesting files that has changed.

----------------8<-----------------------------

diff -u --color
gunicorn-20.1.0.ac6254576d53c2ede3456561af3f0549/setup.cfg
gunicorn-20.1.0.db8a7c5c2064000af70286534803bf1d/setup.cfg
--- gunicorn-20.1.0.ac6254576d53c2ede3456561af3f0549/setup.cfg
2021-02-12 22:43:44.000000000 +0100
+++ gunicorn-20.1.0.db8a7c5c2064000af70286534803bf1d/setup.cfg
2021-03-27 02:49:35.000000000 +0100
@@ -5,3 +5,8 @@

 [metadata]
 license_file = LICENSE
+
+[egg_info]
+tag_build =
+tag_date = 0
+

----------------8<-----------------------------

I have looked into the other added files and I don't think this
is a malicious change but most likely a fixup of a semi broken
release. IMHO they should have patch/bugfix bumped the
package.

I will send a version 2 of the patch.

/Bruno