[opam-devel] Stable archive checksums

Anil Madhavapeddy anil at recoil.org
Thu Jun 26 20:22:15 BST 2014


On 26 Jun 2014, at 17:58, Markus Mottl <markus.mottl at gmail.com> wrote:

> Hi,
> 
> since a lot of OPAM packagers are using Github, to which I'm
> transitioning my projects, I just wondered how you are dealing with
> the problem of downloading archives with stable checksums.
> 
> The online information is rather confusing, but it is my impression
> that there is no guarantee that downloading an archive from Github
> will give you files with equivalent checksums.  Github apparently
> doesn't support download pages with fixed files anymore unlike
> Bitbucket, which I'm currently using.  AFAIK, Github cleans out
> generated archive files if not downloaded again soon enough so there
> is some chance that changes to e.g. git, tar, or gzip could screw up
> archive checksums.
> 
> Any suggestions on how to best interact with Github for downloading
> stable packages via OPAM?

GitHub does support downloadable binary archives, but it's called
"Releases".  See for example:

https://github.com/ocaml/opam/releases

for the binary uploads against a tag.

API is here:
https://developer.github.com/v3/repos/releases/

My OCaml GitHub bindings have a little command line utility to upload stuff via the command-line (you can probably do the same with Curl as well).

```
opam install github
git-upload-release --help
```

cheers,
Anil


More information about the opam-devel mailing list