Opened 13 years ago

Closed 13 years ago

#32027 closed update (fixed)

pianobar @2011.11.11-1 Update pianobar to 2011.11.11 build

Reported by: zheaton@… Owned by: aguynamedryan+pianobar@…
Priority: Normal Milestone:
Component: ports Version: 2.0.3
Keywords: haspatch Cc: ryandesign (Ryan Carsten Schmidt), fitzmorrispr@…
Port: pianobar

Description

Update pianobar to the most recent github release, which fixes authentication errors, makes TLS connections the default, and embeds the Pandora certificate fingerprint. Note that this is more recent than the 2011.11.11 snapshot posted on the Pianobar homepage.

Attachments (2)

pianobar_20111111_patch.diff (1.5 KB) - added by zheaton@… 13 years ago.
Portfile patch
pianobar-2011.11.11.diff (10.3 KB) - added by ryandesign (Ryan Carsten Schmidt) 13 years ago.
revised patch

Download all attachments as: .zip

Change History (8)

Changed 13 years ago by zheaton@…

Portfile patch

comment:1 Changed 13 years ago by ryandesign (Ryan Carsten Schmidt)

Cc: ryandesign@… added; aguynamedryan+pianobar@… removed
Keywords: haspatch added
Owner: changed from macports-tickets@… to aguynamedryan+pianobar@…
Port: pianobar added

We would prefer to fetch from a distfile rather than from git. Why is the 2011.11.11 release not sufficient -- which changes made since then do we absolutely need? It might be preferable to express those changes as patchfiles to the 2011.11.11 source. Or just wait for the next release; if the changes are essential, surely a new release is imminent.

comment:2 Changed 13 years ago by zheaton@…

The primary advantage of the current git snapshot over the 2011.11.11 release is simplified configuration. The 2011.11.11 release requires the user to manually export the TLS certificates used to authenticate Pandora and set up a configuration file pointing at the certificates. The current github snapshot eliminates that step by embedding the Pandora certificate fingerprint directly in the application.

That said, if there is a strong preference for using snapshots instead of git, it probably makes more sense to wait for a new snapshot.

Changed 13 years ago by ryandesign (Ryan Carsten Schmidt)

Attachment: pianobar-2011.11.11.diff added

revised patch

comment:3 Changed 13 years ago by ryandesign (Ryan Carsten Schmidt)

It looks like there's just a single upstream revision we need for that. So here's patch to use the 2011.11.11 distfile, plus that patch.

comment:4 Changed 13 years ago by fitzmorrispr@…

Cc: fitzmorrispr@… added

Cc Me!

comment:5 in reply to:  3 ; Changed 13 years ago by aguynamedryan+macports@…

Replying to ryandesign@…:

Thanks zheaton and ryandesign for the patches!

pianobar-2011.11.11.diff works for me, though I don't understand why distfiles are preferred over fetching via git. Is there some documentation on this?

comment:6 in reply to:  5 Changed 13 years ago by ryandesign (Ryan Carsten Schmidt)

Resolution: fixed
Status: newclosed

Replying to aguynamedryan+macports@…:

pianobar-2011.11.11.diff works for me,

Committed in r87249.

though I don't understand why distfiles are preferred over fetching via git. Is there some documentation on this?

When you fetch from a version control system instead of a distfile, we cannot use checksums to verify the distfile's integrity and verify that it has not changed since the port was written. And if there is no distfile we cannot mirror it on our network of distfiles servers. This means if the original server goes down, the port can no longer be fetched or built.

zheaton's patch specified the git.branch to use, but if, like many port authors, you forget to specify the branch or revision, then the build is not reproducible: users building the port one day get different software than users building the port another day, though the port version has not changed. This is what the guide means when it says "fetching via (a version control system) may cause non-reproducible builds, so it is strongly discouraged"

The buildbot (and the distfiles mirror) lives on a restricted network that can only fetch from http and https URLs, so when fetch from a different kind of URL (i.e. a git: URL or an ftp: URL) the buildbot cannot fetch the port and thus cannot build it. (Many GIT repositories are thankfully available at http: or https: URLs.)

See also a recent message on macports-dev in which Landon, who first added to MacPorts the ability to fetch from CVS, reiterates his feeling that doing so was a mistake and that it should not be used in its present form.

Therefore, if at all possible, let's use distfiles instead of fetching from a version control system.

Note: See TracTickets for help on using tickets.