Sporadic update PRs with invalid checksums for SourceForge URLs #168
Comments
This comment has been minimized.
This comment has been minimized.
|
There are multiple other apps hit by this at the same time, and seems like all affected sources are hosted on SourceForge. |
|
Thanks @gasinvein for mentioning the affected MRs here :) |
|
Any idea what has happened? Probably some SourceForge issue? Looking at flathub download cache, it seems like this has occurred before. |
|
Source forge seems to have no permalinks to source code and/or employing some sort of blocking which results in the external data checker getting confused. |
|
Given that |
|
Iirc they send a valid page that is just HTML. At least that's what I got last time. So it's more of a figuring out how to use source forge than external a data checker issue. |
|
This hit me for the first time today :) flathub/org.tuxpaint.Tuxpaint#15 – I wish we had the contents of the offending page, given that we could add a hack… |
Oh, I missed this point before. I know it's an awful kludge but maybe we should denylist this checksum. Another idea: https://github.com/flathub/flatpak-external-data-checker/blob/master/src/lib/utils.py#L116-L129 There is no check that the response code is |
|
I'm considering this as the last resort. Maybe we could check |
gasinvein
changed the title
|
We've captured the erroneous page contents. As of time of whiting this post, it's available in flathub download cache. The contents are: <html><head>
<title>SourceForge</title>
<!-- <script src="/js/jquery.com/jquery-1.11.0.min.js"></script> -->
<script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
<script src="https://sourceforge.net/js/mirrors.js"></script>
<script src="/js/sf.js"></script>
<script>
var DR_loc = DR_parse_hash_url();
if (DR_loc) {
DR_sf_main(DR_loc);
} else {
window.location.href = 'https://sourceforge.net/home.html';
}
</script>
<meta name="description" content="Free, secure and fast downloads from the largest Open Source applications and software directory - SourceForge.net"/>
</head><body>
<noscript>
We're sorry -- the Sourceforge site is currently in Disaster Recovery mode. Please check back later.
</noscript>
</body></html> |
Hi,
today the flathubbot opened a strange PR on org.gnome.Chess. PR is opened for dependency which doesn't have
x-data-checkeroptions set up and it just changed the hash without changing the URL. I looked at the URL and the file had last update in 2016.I will close the PR for now, because the build is failing anyway.
The text was updated successfully, but these errors were encountered: