commercialhaskell / all-cabal-hashes Goto Github PK

Is it any way to inspect when the index was last updated and what is the index using stack?

Apologies if this is off-topic for this repository, but my team and I have been forever trying to find a better way to add extra-deps with sha256 values into a stack.yaml than our current approach of "put in a wrong thing and let stack tell you". I thought this repository was the answer but it seems not, so I'm wondering if you can help clarify.

As an example, https://www.stackage.org/nightly-2022-02-07/package/freckle-app-1.0.0.4 shows,

freckle-app-1.0.0.4@sha256:8cb624bb3e8805d626b700127690d54d1ddc736073720ac9806a3b04dd3c3216,6244

While https://github.com/commercialhaskell/all-cabal-hashes/blob/hackage/freckle-app/1.0.0.4/freckle-app.json shows,

{
  "package-hashes": {
    "SHA256":"e05c933a5e0896930359f458c5d75fd9bfc0906c2fce03c794d8a4138f777a64"},
    ...
  },
  ...,
  "package-size":30140
}

Are these just completely different artifacts for completely different uses, or is there any relation between the two that I can leverage to be able to just compute a sha256 of a Hackage extra-dep when needed?

The current stackage2nix strategy is looking up the GitSHA1 from lts-*.yaml in this repo to find the .cabal file that was used to generate the stackage snapshot.
However, the revision that was used in lts-13.0 to lts-13.17 is nowhere to be found. I'm guessing it was updated multiple times between two all-cabal-hashes updates, and the one used for stackage was missed.

version: 1.9.3
cabal-file-info:
  size: 14567
  hashes:
    MD5: f50ba0a57c2c70bef08440f2fe730205
    Skein512_512: 85646a5584810a89149ba07570206fb77cef7fd10f5c9fdd15ee55292161343677c410541c55481d64f705864ea396aac3db5ed7934c0c1fb643ba28570e5688
    SHA1: 06d626093146ae1303fed1b8dabf4a189f433c21
    SHA512: 331d6a0cf17c544fe929baab82685b7704f1862fe54d52fd239916e31c4e1714d68ae37933968c42b4a38138697b1132bba6310539e2c2f5d4eb813885d37108
    SHA256: baa90be35275c7eed865376bf4cd099fd43e680f740d69f5c0857b81298f50be
    GitSHA1: 93225d4b188a1847b44f3d70b44efe6027144909

Hackage had the above version added 2 weeks ago: https://hackage.haskell.org/package/Spock-0.7.10.0
But this version doesn't exist in this repo: https://github.com/commercialhaskell/all-cabal-hashes/tree/hackage/Spock

The Readme says it's supposed to update every 30 mins, I pushed a library this afternoon and it hasn't been recognized by stack yet, checking the commit logs on the hackage branch show that there hasn't been a commit in 9 hours; Has something gone wrong?

There exists a file gogol-admin-reports/0.2.0/gogol-admin-reports.cabal but no matching JSON file.

This repository only contains Cassava but not cassava.

I don't want to get into a debate why Cassava exists and how cassava messed up.

Of course if we had both package in all-cabal-hashes this would break on case-insensitive file systems. Similarly looking up the data for cassava without some special casing for this specific package results in lookup failures.

Subject says it all really, I pushed something to Hackage and couldn't use it immediately.

The hermes/1.3.4.3 directory is lacking the JSON file.

The file wai-middleware-prometheus/0.2.0/wai-middleware-prometheus.json does not exist.

I had some failing CI job and noticed the trigger was that all-cabal-hashes has not been updated since 4 days.

BTW, if I would like to host a mirror of all-cabal-hashes or all-cabal-files, where can I find the software that updates the data?

There are new packages (and package updates) on hackage, which are already on all-cabal-files and not here, because the Travis job hasn't been triggered in the past 22 hours.
See #2342 on stack.

When building these packages in Nix, we need to download the modified Cabal file in case the package has underdone revisions after the upload. This means that we need to know a checksum of the Cabal file in addition to the one we already have for the release tarball. It would be great if that hash would be included in this repository.

For some tools, it would be useful to have an index of the available packages / versions in the repository. Then, tools wouldn't have to traverse the whole directory tree to get a list of available packages / versions.

intro-0.1.0.9 is yet another case where the Git repository has a Cabal file but no accompanying JSON file. Is there maybe a way to add that information manually just so that users of this repository are shielded from whatever issues the Hackage repository might have and that are outside of our control?

Another case of #19, maybe?

Has anyone looked at this: commercialhaskell/stack#2773 ?

It appears something is going wrong with the signing process, perhaps?