Mismatched SHA Values in pkg-config-0.29.2.tar.gz
Jamie Albert
jamie.albert at chainguard.dev
Wed Dec 4 20:14:23 UTC 2024
I think the root of the issue is not addressed by your response, there is
no indication that redirecting location should be a required flag. The url
in the release notes should be inherently correct. I am concerned that the
file being hosted at the http url SHA value is different from what is seen
when using https and investigation into what that non-matching file
actually is should be done. I am concerned these requests are being
redirected.
On Wed, Dec 4, 2024 at 1:32 PM Tollef Fog Heen <tfheen at err.no> wrote:
> ]] Jamie Albert
>
> > Hello! I have found something concerning, about mismatched SHA values in
> pkg-config-0.29.2.tar.gz and have opened a
> > ticket with more details here:
> https://gitlab.freedesktop.org/pkg-config/pkg-config/-/issues/84 would
> really
> > appreciate some insight into the issue. Thanks in advance for your time!
>
> I've verified that the sha256sum on disk matches.
>
> I suspect that you've just forgotten to add -L when calling curl; http
> just redirects to https.
>
> --
> Tollef Fog Heen
> UNIX is user friendly, it's just picky about who its friends are
>
--
Jamie Albert
Software Engineer
Chainguard
jamie.albert at chainguard.dev | 541.788.4610 | chainguard.dev
<http://www.chainguard.dev>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/pkg-config/attachments/20241204/6aa3e2b4/attachment.htm>
More information about the pkg-config
mailing list