Skip to content

hermes-1.3.4.3 appears in 00-index, but tarball not available for download #436

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
snoyberg opened this issue Oct 15, 2015 · 4 comments
Closed

hermes-1.3.4.3 appears in 00-index, but tarball not available for download #436

snoyberg opened this issue Oct 15, 2015 · 4 comments

Comments

@snoyberg
Copy link
Contributor

This is currently breaking multiple mirroring scripts, which do sanity checks (which are rightfully failing). The tarball should either be made available, or the .cabal file removed from the 00-index tarball.
snoyberg added a commit to commercialhaskell/all-cabal-hashes-tool that referenced this issue Oct 15, 2015
@snoyberg
Ignore missing tarballs completely (haskell/hackage-server#436)
922655e
@hvr
Copy link
Member

hvr commented Oct 15, 2015

(related to #382 (comment))

@hvr
Copy link
Member

hvr commented Oct 15, 2015

FWIW, For facilities I'm building on top of a monotonically append-only index-log, removing .cabal files from the tarball without leaving a placeholder to retain the unique serial/event numbering (alas the timestamps can't be used for that) would be fatal.

However, I'm talking about the 01-index.tar file (where I think there's something like a tar-level deletion entry which can be appended). For the 00-index.tar file I see no problem in physically removing the .cabal entry.

@snoyberg
Copy link
Contributor Author

Yeah, I was worried that the new tarball approach may have had something to do with this.

I'll write down for the record that this is now the second time I'm fixing up something that's broken that's "Hackage Security" related :(

snoyberg added a commit to commercialhaskell/all-cabal-metadata-tool that referenced this issue Oct 15, 2015
@snoyberg
Skip tarballs not found on Hackage haskell/hackage-server#436
ef004fa
@adamgundry
Copy link
Member

@snoyberg I don't believe that this is related to the Hackage Security work.

A user uploaded the problematic package by mistake, and it contained code that was not supposed to be publicly distributed, so the tarball was removed from the server by the admins. Deletion is not yet properly supported (cf. #112, #382) so it's not as easy to remove the .cabal file. Unfortunately this also means that there are a few broken links where the server reports an internal error.

It would be good to implement support for deleting a package (version), removing the .cabal file completely from the 00-index.tar and by replacing it with a sentinel in the 01-index.tar, as @hvr suggests.

@dcoutts dcoutts closed this as completed May 16, 2016
This was referenced Jul 23, 2016
Closed
Closed
@snoyberg snoyberg mentioned this issue Sep 13, 2016
Closed
@gbaz gbaz mentioned this issue Dec 28, 2017
Closed
@tfausak tfausak mentioned this issue Feb 26, 2018
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@snoyberg @hvr @adamgundry @dcoutts