Conversation
|
Related #37957 |
|
The real problem is SHA512 not matched with the origin one. |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
| SHA512 c28461123562564e030f3f733f078bc4c840e87598d9f4b718d4bca639120d8133f969c45d7bdc62f33f081d789ec0f14a1791fb7da18515682bfe3c0c7362e0 | ||
| HEAD_REF master | ||
| REPO lzmautils | ||
| FILENAME "xz-5.4.4.tar.gz" |
There was a problem hiding this comment.
You could use the version number from the variable: "xz-${VERSION}.tar.gz".
There was a problem hiding this comment.
Yeah that's easy to fix, however, the current problem is the SHA512 value changed, which cannot guarantee the source code is same with the origin one.
There was a problem hiding this comment.
Yes, this suggestion is unrelated to the SHA512.
There was a problem hiding this comment.
Yes, this suggestion is unrelated to the SHA512.
So we need to wait until accept to switch to sourceforge first.
|
@JackBoosY Also But I think it not the same hash. |
|
Thanks for the workaround attempt :) See #37841 (comment) : the repo should be public again. |
In order to solve the download failure problem caused by the disabled repo due to the planting of backdoor, replace the repo to sourceforge.
Affected version >=5.6.0, so there is no risk on the vcpkg side.
Thanks @AbdulsalamAmin.
Fixes #37893