Checksums of packages produced GitLab CI/CD change over time making it impossible to build previous releases.
I was trying setup cross compilation using scripts/bootstrap.sh, I had checked out the tagged release v3.13.2, but the checksums of many packages no longer matched. Resulting in errors like the following:
>>> alpine-conf: Checking sha512sums... alpine-conf-3.11.0.tar.gz: FAILED sha512sum: WARNING: 1 of 1 computed checksums did NOT match Because the remote file above failed the sha512sum check it will be renamed. Rebuilding will cause it to re-download which in some cases may fix the problem. Renaming: alpine-conf-3.11.0.tar.gz to alpine-conf-3.11.0.tar.gz.589278b8
Checking the checksum of the file at time of writing yields:
curl -s https://gitlab.alpinelinux.org/alpine/alpine-conf/-/archive/3.11.0/alpine-conf-3.11.0.tar.gz | sha512sum 3fc373836aa30a2193d76d2cccc50dddb95c21e1f3530bf0b841a815161fea287b9bbb1370d2d2616615448df7fa5791328e59903cf87907477846758c689c38 -
This file https://gitlab.alpinelinux.org/alpine/alpine-conf/-/archive/3.11.0/alpine-conf-3.11.0.tar.gz is changing its contents over time.
But if we check the APKBUILD file for this project the filename stays the same but the checksum changes
This is problematic in that only building of of
master has a chance at working, all previous tagged releases cannot be reliably built, which in turn means I cannot automate cross compliation as it is it can fail at any point in the future when these files are updated for newer releases but still use the same file name.
Is it expected that only the building on the HEAD of master is viable? Or could aports build system be change in such a way as to prevent this issue?