[opam-devel] Stable archive checksums
Anil Madhavapeddy
anil at recoil.org
Thu Jun 26 20:22:15 BST 2014
On 26 Jun 2014, at 17:58, Markus Mottl <markus.mottl at gmail.com> wrote:
> Hi,
>
> since a lot of OPAM packagers are using Github, to which I'm
> transitioning my projects, I just wondered how you are dealing with
> the problem of downloading archives with stable checksums.
>
> The online information is rather confusing, but it is my impression
> that there is no guarantee that downloading an archive from Github
> will give you files with equivalent checksums. Github apparently
> doesn't support download pages with fixed files anymore unlike
> Bitbucket, which I'm currently using. AFAIK, Github cleans out
> generated archive files if not downloaded again soon enough so there
> is some chance that changes to e.g. git, tar, or gzip could screw up
> archive checksums.
>
> Any suggestions on how to best interact with Github for downloading
> stable packages via OPAM?
GitHub does support downloadable binary archives, but it's called
"Releases". See for example:
https://github.com/ocaml/opam/releases
for the binary uploads against a tag.
API is here:
https://developer.github.com/v3/repos/releases/
My OCaml GitHub bindings have a little command line utility to upload stuff via the command-line (you can probably do the same with Curl as well).
```
opam install github
git-upload-release --help
```
cheers,
Anil
More information about the opam-devel
mailing list