Mark H Weaver <mhw@netris.org> skribis:
Toggle quote (25 lines)
> ludo@gnu.org (Ludovic Courtès) writes:>>> Mark H Weaver <mhw@netris.org> skribis:>>>>> I just realized that my x86_64 and Loongson 3A systems have spent an>>> enormous amount of time building the new guix master branch based on>>> outdated bootstrap/*/guile-2.0.9.tar.xz.>>>>>> The issue is that if you simply "git pull" from a build directory with>>> older versions of bootstrap/*/guile-2.0.9.tar.xz, although the various>>> places where the hashes are stored are updated, those new hashes are>>> never checked against the existing files. Therefore, you can proceed to>>> build an entire system based on an outdated bootstrap guile, and with>>> hashes that don't match what's on hydra and what other people are>>> building.>>>> Right, ‘guix pull’ doesn’t survive updates of the bootstrap Guile>> tarballs, because it doesn’t try to download it (see ‘build-guix’ in>> guix/build/pull.scm.) That’s rare in practice, but still a serious>> limitation as you note. :-/>> Hmm, yes, I suppose that "guix pull" is more relevant for typical users,> but actually that's not what I was talking about above. I was talking> about "git pull" followed by "make".
Ah, sorry! Ah yes, I see what the problem is. Onlybuild-aux/download.scm checks the hash, so indeed, if the file is staleor modified later, Guix doesn’t notice.
Perhaps we should add a ‘check-hash’ rule or something in the makefile,that automatically triggers before installation or something?
Ludo’.