Skip to content

[Release][CI][Dev] Change to github.com/repo/owner/archive/tag.tar.gz compression breaks hash compatibility  #33939

New issue
New issue
Closed
Closed
[Release][CI][Dev] Change to github.com/repo/owner/archive/tag.tar.gz compression breaks hash compatibility #33939
Labels
Component: Continuous IntegrationComponent: Developer ToolsComponent: ReleaseType: bug
@assignUser

Description

@assignUser
assignUser
opened on Jan 30, 2023

Describe the bug, including details regarding any error messages, version, and platform.

Due to due a change to the compression of github.com/repo/owner/archive/tag.tar.gz archives builds with BUNDLED dependencies are broken across the board. Even if we update the hashes for HEAD they will STAY BROKEN for all historic commits and releases. ⚠️

This does not only affect arrow but all package managers relying on these links with checksum verification. (conan, vcpkg, homebrew, bazel ...). Hopefully they will role this back to allow for backwards compatibility but the current communication does not sound like it. But also seems a bit tone deaf to the gigantic impact this change has had.

Official announcement (after the fact) https://github.blog/changelog/2023-01-30-git-archive-checksums-may-change/
Additional infos
bazel-contrib/SIG-rules-authors#11
https://github.com/orgs/community/discussions/45830

Component(s)

Continuous Integration, Developer Tools, Release

Metadata

Metadata

Assignees

No one assigned

    Labels

    Component: Continuous IntegrationComponent: Developer ToolsComponent: ReleaseType: bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions