From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Sat, 14 May 2022 12:51:42 +0200
Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33])
	by lore.white.stw.pengutronix.de with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <ptxdist-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1nppN8-00CtBZ-Ns
	for lore@lore.pengutronix.de; Sat, 14 May 2022 12:51:42 +0200
Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de)
	by metis.ext.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces@pengutronix.de>)
	id 1nppN7-0006z7-UQ; Sat, 14 May 2022 12:51:41 +0200
Received: from mail-vs1-xe2f.google.com ([2607:f8b0:4864:20::e2f])
 by metis.ext.pengutronix.de with esmtps
 (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92)
 (envelope-from <bruno.thomsen@gmail.com>) id 1nppMI-0006yD-UC
 for ptxdist@pengutronix.de; Sat, 14 May 2022 12:50:54 +0200
Received: by mail-vs1-xe2f.google.com with SMTP id b7so6480170vsq.1
 for <ptxdist@pengutronix.de>; Sat, 14 May 2022 03:50:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
 bh=NV4Uj1M7NwC4DZLZIib2DiimVzWJpSpFZt4ev0kt85U=;
 b=WhkhpWFUAkvVYrNe4o6fP0N9ogxW4YJLFl+r1wB2P9K3OzFTMcRwkHZTVWnn9TT91N
 uRuYQaDDmQK/LxkrsIozdjb/pygeBolmSTSE1u7aduSPIwbB8Be1AxI5hCann9a9CCbK
 bk1cOCNNWm617pp8zpHUNwx8N6bl2PGhEQaQlUt4QIIqsHvNwGtOmCvr7GNed1VyRDrY
 zg6x7HTpbyfHfNZ4byGxLGgpN/7XLc61r7KFMrKPiFDXmyRpsv+NeqRCeR05ehsrgSxm
 3xEmXhLWVWBgmptkJEf7LnKSnmZYP/JVI/WFghbJ/E/GGskDfWJ3seqiKCL0G/OfLqQr
 zVIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to;
 bh=NV4Uj1M7NwC4DZLZIib2DiimVzWJpSpFZt4ev0kt85U=;
 b=ig0dRHz8AU2izRU+3PNZYIY/u/D2tzcb4kUZbDgTebdAugAKAQe1C82WBsWdjHgDYY
 J3UzO4qHLn5B5AfWWEI2KIt+qBXH5mBY5nf9IYC1FSi1Xt7jB41H4nfhazd/I4wwReAw
 M+Tr8c0xeJna9eSw0JpuibVDYVHZZHjDpS/1UDUoCCo9klsG+K/ySKMNC1ZUPlSa7df3
 Qv844jvqjqo8FAh2cbQTgoE7NHEibjxsqP74evFGXKrnXYZKzx+FD6FGm4ch/cqLn9A5
 Bs89UYQ9Svcvo/1wok47g4z+45Nqna8d+JYbEiop7aNy0RLPGTR641xgxPeaKRwU+DuY
 f/hA==
X-Gm-Message-State: AOAM531s9Owmo+18cixrW5tYWQbgxV0eruqynze2iIRpC0ZUCy0muvUl
 JpYiEzg8sX3l2liPHNOAEQKKgjJEhHb6NZ1slaA=
X-Google-Smtp-Source: ABdhPJzxZzpPulyYpAheMJkz3KLA/hJM/Y5h+DftoEXha4yPXtolvXL1z0xj62nnxDjHnahuuEmqp/xd2qmtVVJxQ5g=
X-Received: by 2002:a67:e311:0:b0:331:972b:9e93 with SMTP id
 j17-20020a67e311000000b00331972b9e93mr3339700vsf.63.1652525448943; Sat, 14
 May 2022 03:50:48 -0700 (PDT)
MIME-Version: 1.0
References: <20220509120548.4509-1-bruno.thomsen@gmail.com>
 <Yn4Fi6dPK1BUs/b3@pengutronix.de>
In-Reply-To: <Yn4Fi6dPK1BUs/b3@pengutronix.de>
From: Bruno Thomsen <bruno.thomsen@gmail.com>
Date: Sat, 14 May 2022 12:50:33 +0200
Message-ID: <CAH+2xPAWS3G+RoJgo7Rzmy2wRY7H1JZ7xa0+WAg1m3_zeiWBmQ@mail.gmail.com>
To: Bruno Thomsen <bruno.thomsen@gmail.com>, ptxdist@pengutronix.de
Content-Type: text/plain; charset="UTF-8"
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 metis.ext.pengutronix.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
 RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
 autolearn=ham autolearn_force=no version=3.4.2
Subject: Re: [ptxdist] [PATCH 1/2] python3-gunicorn: new package
X-BeenThere: ptxdist@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false

Den fre. 13. maj 2022 kl. 09.15 skrev Michael Olbrich
<m.olbrich@pengutronix.de>:
>
> On Mon, May 09, 2022 at 02:05:47PM +0200, Bruno Thomsen wrote:
> > Gunicorn 'Green Unicorn' is a Python WSGI HTTP Server for UNIX.
> >
> > Requirement for python3-falcon package.
> >
> > Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
> > ---
> >  rules/python3-gunicorn.in   | 11 +++++++
> >  rules/python3-gunicorn.make | 57 +++++++++++++++++++++++++++++++++++++
> >  2 files changed, 68 insertions(+)
> >  create mode 100644 rules/python3-gunicorn.in
> >  create mode 100644 rules/python3-gunicorn.make

> > +# Paths and names
> > +#
> > +PYTHON3_GUNICORN_VERSION     := 20.1.0
> > +PYTHON3_GUNICORN_MD5         := ac6254576d53c2ede3456561af3f0549
>
> ptxdist: error: Wrong md5sum for 'python3-gunicorn' (.../src/gunicorn-20.1.0.tar.gz)
>
> What's going on here?
>

Hi Michael,

That is strange so I will dig deeper into this.

Our 3rd party dependencies are stored in a maven repository so I can
easily go back and get the old hash file.

ac6254576d53c2ede3456561af3f0549:
Downloaded from ptx/mirror-pypi 4/4-22.

db8a7c5c2064000af70286534803bf1d:
Downloaded from ptx/mirror-pypi 14/5-22.

----------------8<-----------------------------

ls -l
total 724
drwxrwxr-x. 7 bruno bruno   4096 12 feb  2021
gunicorn-20.1.0.ac6254576d53c2ede3456561af3f0549
drwxr-xr-x. 7 bruno bruno   4096 27 mar  2021
gunicorn-20.1.0.db8a7c5c2064000af70286534803bf1d
-rw-r--r--. 1 bruno bruno 354960 14 maj 11:55
gunicorn-20.1.0.tar.gz.ac6254576d53c2ede3456561af3f0549
-rw-r--r--. 1 bruno bruno 370601 14 maj 11:55
gunicorn-20.1.0.tar.gz.db8a7c5c2064000af70286534803bf1d

----------------8<-----------------------------

Something has changed in the file even if it's the same package version.
The new file is around 15K bigger then the old one.

Let's locate added/removed/changed files.

----------------8<-----------------------------

cd gunicorn-20.1.0.ac6254576d53c2ede3456561af3f0549/; find . -type f
-exec md5sum {} + | awk '{print $2 " " $1}' | sort > ../ac62.log; cd -
cd gunicorn-20.1.0.db8a7c5c2064000af70286534803bf1d/; find . -type f
-exec md5sum {} + | awk '{print $2 " " $1}' | sort > ../db8a.log; cd -

diff -u --color ac62.log db8a.log
--- ac62.log 2022-05-14 12:24:23.879695053 +0200
+++ db8a.log 2022-05-14 12:24:29.658740539 +0200
@@ -1,5 +1,3 @@
-./appveyor.yml bf726b6d38fe739d0ce85347b6920b1a
-./CONTRIBUTING.md c90900532ee96f9f0628996678ad847e
 ./docs/gunicorn_ext.py 92e1e306d274bc426936d7d869c83e24
 ./docs/logo/gunicorn.png 2f1ea5be10f85687cf3aa18c2c8630d4
 ./docs/logo/gunicorn.svg a3a7ea42b3244422f7a893e7e79300ee
@@ -138,6 +136,13 @@
 ./gunicorn/arbiter.py 21989aa239bcb2e08b82937d694372fc
 ./gunicorn/config.py 497e9a051d2b578fb4da7f4f0e1b80ad
 ./gunicorn/debug.py 380b0787c429aa7b9e4982f0f40c5a5a
+./gunicorn.egg-info/dependency_links.txt 68b329da9893e34099c7d8ad5cb9c940
+./gunicorn.egg-info/entry_points.txt 99220ac82ecf0327be9a9408bb4e7264
+./gunicorn.egg-info/not-zip-safe 68b329da9893e34099c7d8ad5cb9c940
+./gunicorn.egg-info/PKG-INFO 2cc0989287a8ec45c837c23386a7e5fc
+./gunicorn.egg-info/requires.txt 432b975e80c2fd6a8a90fa9656cf3f59
+./gunicorn.egg-info/SOURCES.txt 802689c49aa6bb426dba36c9fbcd904f
+./gunicorn.egg-info/top_level.txt b4e582fbec7d7ee5253b0afcf4063449
 ./gunicorn/errors.py ed93944e0b91e1546220686e9ce983bb
 ./gunicorn/glogging.py 015ea63387d08f09e4ef6cbaadf171d3
 ./gunicorn/http/body.py 175b02e961bc2f81adaaa07a6f95c6eb
@@ -166,16 +171,13 @@
 ./gunicorn/workers/sync.py 659cb0f8197a0916c9ec5a2b9ce49a3e
 ./gunicorn/workers/workertmp.py 4d961797f72bc61868b2e218fbf9857f
 ./LICENSE f75f3fb94cdeab1d607e2adaa6077752
-./MAINTAINERS dfbfe4c49e8a0e2835b5a6e0305d1719
-./Makefile f655c000182827cff72803ac4e6be357
 ./MANIFEST.in ea4e22f5a74bd4b6039ba6840f27a47c
 ./NOTICE 4ff3dba58ace0076580106c9f300ae68
-./.pylintrc ec0d83fb315bf216c6e2fff9434bcc78
+./PKG-INFO 2cc0989287a8ec45c837c23386a7e5fc
 ./README.rst 99bc9aa2bc6875dc46d65beb8f0fb1ae
 ./requirements_dev.txt b553389a8cf923276becc7faed4b4899
 ./requirements_test.txt a1677998f8d772c35e48601cfb885a43
-./scripts/update_thanks.py bd9c215fe3200edf433f2a68a1167440
-./setup.cfg 837af3a24e0c3f201c4a81226bb019bf
+./setup.cfg 2d3f98eaab1812a5edd280bb18f243d3
 ./setup.py a748b86c25e165c86175ce6d2d1b6dfa
 ./tests/config/__init__.py d41d8cd98f00b204e9800998ecf8427e
 ./tests/config/test_cfg_alt.py 284d27ff498c3badae9f164550c0fed7
@@ -315,5 +317,3 @@
 ./tests/workers/test_geventlet.py 5cbb5945a1a816d26af38e012a250bae
 ./tests/workers/test_ggevent.py 7bd10538d8df95c35c0da1ea20b44b63
 ./THANKS 4d2ec48c381175c4f003309016691eae
-./tox.ini d4ce66c531dded8c8403fdad1cfbc858
-./.travis.yml ec6cb8c8410da9f824195880f9306ecb

----------------8<-----------------------------

So some egg and pkg info has been added and some CI has
been removed. Let's look into the setup.cfg as that might be
the most interesting files that has changed.

----------------8<-----------------------------

diff -u --color
gunicorn-20.1.0.ac6254576d53c2ede3456561af3f0549/setup.cfg
gunicorn-20.1.0.db8a7c5c2064000af70286534803bf1d/setup.cfg
--- gunicorn-20.1.0.ac6254576d53c2ede3456561af3f0549/setup.cfg
2021-02-12 22:43:44.000000000 +0100
+++ gunicorn-20.1.0.db8a7c5c2064000af70286534803bf1d/setup.cfg
2021-03-27 02:49:35.000000000 +0100
@@ -5,3 +5,8 @@

 [metadata]
 license_file = LICENSE
+
+[egg_info]
+tag_build =
+tag_date = 0
+

----------------8<-----------------------------

I have looked into the other added files and I don't think this
is a malicious change but most likely a fixup of a semi broken
release. IMHO they should have patch/bugfix bumped the
package.

I will send a version 2 of the patch.

/Bruno