[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
How do I verify my hashes?
From: |
jgart |
Subject: |
How do I verify my hashes? |
Date: |
Sat, 9 Jul 2022 21:12:59 -0500 |
Hi Guixers,
Today Bonface mentioned to me that I should be cloning my packages and
verifying the hashes with `git hash-object` or `git hash` iirc?
Do others do this when packaging?
My workflow currently is the lazy way:
1. I change the version in the package definition.
2. build the package
3. package blows up on stdout
4. I retrieve the hash and add it
5. profit!
But how can I trust that computed hash?
wdyt
Am I committing a newbie sin with the above workflow?
I know `guix refresh` exists but sometimes it is slowwww (e.g. outdated *.go)
I know `make go-clean` exists but sometimes it breaks things in my tree...
Should I stop worrying and just `git send-email --to="guix-patches@gnu.org" -1`?
all best,
jgart
- How do I verify my hashes?,
jgart <=