From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Sat, 14 May 2022 12:51:42 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nppN8-00CtBZ-Ns for lore@lore.pengutronix.de; Sat, 14 May 2022 12:51:42 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1nppN7-0006z7-UQ; Sat, 14 May 2022 12:51:41 +0200 Received: from mail-vs1-xe2f.google.com ([2607:f8b0:4864:20::e2f]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1nppMI-0006yD-UC for ptxdist@pengutronix.de; Sat, 14 May 2022 12:50:54 +0200 Received: by mail-vs1-xe2f.google.com with SMTP id b7so6480170vsq.1 for ; Sat, 14 May 2022 03:50:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=NV4Uj1M7NwC4DZLZIib2DiimVzWJpSpFZt4ev0kt85U=; b=WhkhpWFUAkvVYrNe4o6fP0N9ogxW4YJLFl+r1wB2P9K3OzFTMcRwkHZTVWnn9TT91N uRuYQaDDmQK/LxkrsIozdjb/pygeBolmSTSE1u7aduSPIwbB8Be1AxI5hCann9a9CCbK bk1cOCNNWm617pp8zpHUNwx8N6bl2PGhEQaQlUt4QIIqsHvNwGtOmCvr7GNed1VyRDrY zg6x7HTpbyfHfNZ4byGxLGgpN/7XLc61r7KFMrKPiFDXmyRpsv+NeqRCeR05ehsrgSxm 3xEmXhLWVWBgmptkJEf7LnKSnmZYP/JVI/WFghbJ/E/GGskDfWJ3seqiKCL0G/OfLqQr zVIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=NV4Uj1M7NwC4DZLZIib2DiimVzWJpSpFZt4ev0kt85U=; b=ig0dRHz8AU2izRU+3PNZYIY/u/D2tzcb4kUZbDgTebdAugAKAQe1C82WBsWdjHgDYY J3UzO4qHLn5B5AfWWEI2KIt+qBXH5mBY5nf9IYC1FSi1Xt7jB41H4nfhazd/I4wwReAw M+Tr8c0xeJna9eSw0JpuibVDYVHZZHjDpS/1UDUoCCo9klsG+K/ySKMNC1ZUPlSa7df3 Qv844jvqjqo8FAh2cbQTgoE7NHEibjxsqP74evFGXKrnXYZKzx+FD6FGm4ch/cqLn9A5 Bs89UYQ9Svcvo/1wok47g4z+45Nqna8d+JYbEiop7aNy0RLPGTR641xgxPeaKRwU+DuY f/hA== X-Gm-Message-State: AOAM531s9Owmo+18cixrW5tYWQbgxV0eruqynze2iIRpC0ZUCy0muvUl JpYiEzg8sX3l2liPHNOAEQKKgjJEhHb6NZ1slaA= X-Google-Smtp-Source: ABdhPJzxZzpPulyYpAheMJkz3KLA/hJM/Y5h+DftoEXha4yPXtolvXL1z0xj62nnxDjHnahuuEmqp/xd2qmtVVJxQ5g= X-Received: by 2002:a67:e311:0:b0:331:972b:9e93 with SMTP id j17-20020a67e311000000b00331972b9e93mr3339700vsf.63.1652525448943; Sat, 14 May 2022 03:50:48 -0700 (PDT) MIME-Version: 1.0 References: <20220509120548.4509-1-bruno.thomsen@gmail.com> In-Reply-To: From: Bruno Thomsen Date: Sat, 14 May 2022 12:50:33 +0200 Message-ID: To: Bruno Thomsen , ptxdist@pengutronix.de Content-Type: text/plain; charset="UTF-8" X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.ext.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Subject: Re: [ptxdist] [PATCH 1/2] python3-gunicorn: new package X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false Den fre. 13. maj 2022 kl. 09.15 skrev Michael Olbrich : > > On Mon, May 09, 2022 at 02:05:47PM +0200, Bruno Thomsen wrote: > > Gunicorn 'Green Unicorn' is a Python WSGI HTTP Server for UNIX. > > > > Requirement for python3-falcon package. > > > > Signed-off-by: Bruno Thomsen > > --- > > rules/python3-gunicorn.in | 11 +++++++ > > rules/python3-gunicorn.make | 57 +++++++++++++++++++++++++++++++++++++ > > 2 files changed, 68 insertions(+) > > create mode 100644 rules/python3-gunicorn.in > > create mode 100644 rules/python3-gunicorn.make > > +# Paths and names > > +# > > +PYTHON3_GUNICORN_VERSION := 20.1.0 > > +PYTHON3_GUNICORN_MD5 := ac6254576d53c2ede3456561af3f0549 > > ptxdist: error: Wrong md5sum for 'python3-gunicorn' (.../src/gunicorn-20.1.0.tar.gz) > > What's going on here? > Hi Michael, That is strange so I will dig deeper into this. Our 3rd party dependencies are stored in a maven repository so I can easily go back and get the old hash file. ac6254576d53c2ede3456561af3f0549: Downloaded from ptx/mirror-pypi 4/4-22. db8a7c5c2064000af70286534803bf1d: Downloaded from ptx/mirror-pypi 14/5-22. ----------------8<----------------------------- ls -l total 724 drwxrwxr-x. 7 bruno bruno 4096 12 feb 2021 gunicorn-20.1.0.ac6254576d53c2ede3456561af3f0549 drwxr-xr-x. 7 bruno bruno 4096 27 mar 2021 gunicorn-20.1.0.db8a7c5c2064000af70286534803bf1d -rw-r--r--. 1 bruno bruno 354960 14 maj 11:55 gunicorn-20.1.0.tar.gz.ac6254576d53c2ede3456561af3f0549 -rw-r--r--. 1 bruno bruno 370601 14 maj 11:55 gunicorn-20.1.0.tar.gz.db8a7c5c2064000af70286534803bf1d ----------------8<----------------------------- Something has changed in the file even if it's the same package version. The new file is around 15K bigger then the old one. Let's locate added/removed/changed files. ----------------8<----------------------------- cd gunicorn-20.1.0.ac6254576d53c2ede3456561af3f0549/; find . -type f -exec md5sum {} + | awk '{print $2 " " $1}' | sort > ../ac62.log; cd - cd gunicorn-20.1.0.db8a7c5c2064000af70286534803bf1d/; find . -type f -exec md5sum {} + | awk '{print $2 " " $1}' | sort > ../db8a.log; cd - diff -u --color ac62.log db8a.log --- ac62.log 2022-05-14 12:24:23.879695053 +0200 +++ db8a.log 2022-05-14 12:24:29.658740539 +0200 @@ -1,5 +1,3 @@ -./appveyor.yml bf726b6d38fe739d0ce85347b6920b1a -./CONTRIBUTING.md c90900532ee96f9f0628996678ad847e ./docs/gunicorn_ext.py 92e1e306d274bc426936d7d869c83e24 ./docs/logo/gunicorn.png 2f1ea5be10f85687cf3aa18c2c8630d4 ./docs/logo/gunicorn.svg a3a7ea42b3244422f7a893e7e79300ee @@ -138,6 +136,13 @@ ./gunicorn/arbiter.py 21989aa239bcb2e08b82937d694372fc ./gunicorn/config.py 497e9a051d2b578fb4da7f4f0e1b80ad ./gunicorn/debug.py 380b0787c429aa7b9e4982f0f40c5a5a +./gunicorn.egg-info/dependency_links.txt 68b329da9893e34099c7d8ad5cb9c940 +./gunicorn.egg-info/entry_points.txt 99220ac82ecf0327be9a9408bb4e7264 +./gunicorn.egg-info/not-zip-safe 68b329da9893e34099c7d8ad5cb9c940 +./gunicorn.egg-info/PKG-INFO 2cc0989287a8ec45c837c23386a7e5fc +./gunicorn.egg-info/requires.txt 432b975e80c2fd6a8a90fa9656cf3f59 +./gunicorn.egg-info/SOURCES.txt 802689c49aa6bb426dba36c9fbcd904f +./gunicorn.egg-info/top_level.txt b4e582fbec7d7ee5253b0afcf4063449 ./gunicorn/errors.py ed93944e0b91e1546220686e9ce983bb ./gunicorn/glogging.py 015ea63387d08f09e4ef6cbaadf171d3 ./gunicorn/http/body.py 175b02e961bc2f81adaaa07a6f95c6eb @@ -166,16 +171,13 @@ ./gunicorn/workers/sync.py 659cb0f8197a0916c9ec5a2b9ce49a3e ./gunicorn/workers/workertmp.py 4d961797f72bc61868b2e218fbf9857f ./LICENSE f75f3fb94cdeab1d607e2adaa6077752 -./MAINTAINERS dfbfe4c49e8a0e2835b5a6e0305d1719 -./Makefile f655c000182827cff72803ac4e6be357 ./MANIFEST.in ea4e22f5a74bd4b6039ba6840f27a47c ./NOTICE 4ff3dba58ace0076580106c9f300ae68 -./.pylintrc ec0d83fb315bf216c6e2fff9434bcc78 +./PKG-INFO 2cc0989287a8ec45c837c23386a7e5fc ./README.rst 99bc9aa2bc6875dc46d65beb8f0fb1ae ./requirements_dev.txt b553389a8cf923276becc7faed4b4899 ./requirements_test.txt a1677998f8d772c35e48601cfb885a43 -./scripts/update_thanks.py bd9c215fe3200edf433f2a68a1167440 -./setup.cfg 837af3a24e0c3f201c4a81226bb019bf +./setup.cfg 2d3f98eaab1812a5edd280bb18f243d3 ./setup.py a748b86c25e165c86175ce6d2d1b6dfa ./tests/config/__init__.py d41d8cd98f00b204e9800998ecf8427e ./tests/config/test_cfg_alt.py 284d27ff498c3badae9f164550c0fed7 @@ -315,5 +317,3 @@ ./tests/workers/test_geventlet.py 5cbb5945a1a816d26af38e012a250bae ./tests/workers/test_ggevent.py 7bd10538d8df95c35c0da1ea20b44b63 ./THANKS 4d2ec48c381175c4f003309016691eae -./tox.ini d4ce66c531dded8c8403fdad1cfbc858 -./.travis.yml ec6cb8c8410da9f824195880f9306ecb ----------------8<----------------------------- So some egg and pkg info has been added and some CI has been removed. Let's look into the setup.cfg as that might be the most interesting files that has changed. ----------------8<----------------------------- diff -u --color gunicorn-20.1.0.ac6254576d53c2ede3456561af3f0549/setup.cfg gunicorn-20.1.0.db8a7c5c2064000af70286534803bf1d/setup.cfg --- gunicorn-20.1.0.ac6254576d53c2ede3456561af3f0549/setup.cfg 2021-02-12 22:43:44.000000000 +0100 +++ gunicorn-20.1.0.db8a7c5c2064000af70286534803bf1d/setup.cfg 2021-03-27 02:49:35.000000000 +0100 @@ -5,3 +5,8 @@ [metadata] license_file = LICENSE + +[egg_info] +tag_build = +tag_date = 0 + ----------------8<----------------------------- I have looked into the other added files and I don't think this is a malicious change but most likely a fixup of a semi broken release. IMHO they should have patch/bugfix bumped the package. I will send a version 2 of the patch. /Bruno