Saturday, 8 September 2018

Ridiculous unusable download URLs for open source projects

I told myself (and everyone I know) that I wouldn't write another blog post until I moved the blog off Google Blogger, but I can't stay silent on this issue.

UPower, the open source power management software used on Linux (and I believe the *BSD family), has recently changed their download URLs. As the lead of Adélie Linux, I personally maintain a significant chunk of "core" desktop experience packages. We consider UPower to be one of those, because it is important to conserve energy whenever possible.

Today I was notified by Repology that UPower was out of date in Adélie. No big deal, I'll just bump it:

>>> upower: Fetching https://upower.freedesktop.org/releases/upower-0.99.8.tar.xz curl: (22) The requested URL returned error: 404 Not Found

"Hmm", I wondered to myself, "maybe this is a git snapshot package someone uploaded". It turns out it wasn't; Debian, Arch, and Fedora are all shipping 0.99.8 now. What gives?

I looked at Debian's packaging first, since they typically have a good hold on stability. I didn't even understand the change, though, so I looked up Exherbo's packaging and was horrified.

Instead of a simple URL, they are now using a GitLab Upload URL which contains an SHA-1 hash in the URL. That means all of our bump scripts can't work any more. Instead of simply typing a single abump command, for every release of UPower I will now have to:

  1. Open their GitLab instance in a Web browser, which isn't even installed on any of the staging computers to minimise security hazards:
  2. Wait for all the JavaScript and miscellaneous crap to load;
  3. Context-click the link for the UPower tarball;
  4. Copy the link;
  5. Connect to our staging system remotely from a computer with a Web browser installed;
  6. Open vim on the APKBUILD file for UPower;
  7. Paste the link into the source= line, replacing what is already there;
  8. And then run abuild checksum manually to update the sha512sum in the file.

WHY!? fd.o people, please, out of respect for us packagers that want to give your software to the people who need it, please use your /releases/ directory again!

1 comment :

  1. The application of CNC lathe is strong, whatever the technique used for the machining of the final element. Another industry that requires tight tolerances for the safety-critical application of CNC lathe is the oil and gasoline industry. This sector leverage the uses of CNC milling machine for exact, dependable parts corresponding to pistons, cylinders, rods, pins, and valves. In this information to CNC machining, you'll methods to|learn Bidet Sprayer to} create environment friendly, manufacturable metal and plastic parts for prototyping and production. Download this information to explore the processes involved in creating sheet metal parts together with how to to|tips on how to} design frequent features and select the proper material.

    ReplyDelete