How do I verify my hashes?

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

How do I verify my hashes?

From:	jgart
Subject:	How do I verify my hashes?
Date:	Sat, 9 Jul 2022 21:12:59 -0500

Hi Guixers,

Today Bonface mentioned to me that I should be cloning my packages and
verifying the hashes with `git hash-object` or `git hash` iirc?

Do others do this when packaging?

My workflow currently is the lazy way:

1. I change the version in the package definition.

2. build the package

3. package blows up on stdout

4. I retrieve the hash and add it

5. profit!

But how can I trust that computed hash?

wdyt

Am I committing a newbie sin with the above workflow?

I know `guix refresh` exists but sometimes it is slowwww (e.g. outdated *.go)

I know `make go-clean` exists but sometimes it breaks things in my tree...

Should I stop worrying and just `git send-email --to="guix-patches@gnu.org" -1`?

all best,

jgart

[Prev in Thread]

Current Thread

[Next in Thread]

How do I verify my hashes?, jgart <=
- Re: How do I verify my hashes?, Vagrant Cascadian, 2022/07/10
  - Re: How do I verify my hashes?, Csepp, 2022/07/10
- Re: How do I verify my hashes?, indieterminacy, 2022/07/10
  - Re: How do I verify my hashes?, jgart, 2022/07/10
  - Re: How do I verify my hashes?, Munyoki Kilyungi, 2022/07/14

Prev by Date: Why do we force the lazy python?
Next by Date: Re: How do I verify my hashes?
Previous by thread: Why do we force the lazy python?
Next by thread: Re: How do I verify my hashes?
Index(es):
- Date
- Thread