[R-pkg-devel] checksums change after publication on CRAN?
Dear all,

1. CRAN indeed adds the checksum, as CRAN re-packages a package as it changes at least the DESCRIPTION file and maybe cleans up some line endings and permissions etc.

2. For recommended packages, we publish in the contrib repository, but also for the release tarballs in subdirs on different days, then the package gets a different checksum, as the publication day may be different then.

3. In this case we had a quick same version update that added a space in a Makevars file that should not change functionality at all, but makes compilation work on some OS where it would not work without the added space. This was some hotfix during the R-3.5.0 release cycle and carefully reviewed by the CRAN team.

CRAN generally does not accept new submissions without increased version number.

Best,
Uwe Ligges

On 30.04.2018 18:09, Joris Meys wrote:
I wrongfully stated that CRAN added a line. The line was not added but changed (and not in the SVN repo). A diff between both downloads is available here:

https://gist.github.com/boegel/2ea28647f00ddd9b18f9b1a0ac6dd2b4

Cheers
Joris

On Mon, Apr 30, 2018 at 6:03 PM, Joris Meys <Joris.Meys at ugent.be> wrote:
In a discussion on Twitter it was pointed out that the checksums of packages change after publication on CRAN. One example is the Matrix package version 1.2-12, which was available on CRAN already on Nov 17, 2017 but got a different checksum on Nov 20, 2017. This caused issues in e.g. easybuilders. (see reference here: https://github.com/easybuilders/easybuild-easyconfigs/pull/6118 )

I went through the Matrix SVN repo, and there is no commit whatsoever that adds the last line in the DESCRIPTION file. This line reads:

Date/Publication: 2017-11-20 18:57:47 UTC

I wondered how this happens, and it looks like CRAN adds this automatically days after the source is available for download. This is suboptimal imho as it would technically mean that you can have two files of the same package version with different checksums. It leads people to believe packages on CRAN can be changed without bumping the version number, and technically that's what it boils down to.

Anyone who knows what's going on there?

Reference to Twitter discussion with Kenneth Hoste about this: https://twitter.com/kehoste/status/990484417721389056

Kind regards
Joris

--
Joris Meys
Statistical consultant
Department of Data Analysis and Mathematical Modelling
Ghent University
Coupure Links 653, B-9000 Gent (Belgium)
tel: +32 (0)9 264 61 79
-----------
Biowiskundedagen 2017-2018
http://www.biowiskundedagen.ugent.be/
-------------------------------
Disclaimer : http://helpdesk.ugent.be/e-maildisclaimer.php
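
An added example, not part of the thread and not CRAN or EasyBuild tooling: when the pinned checksum of a source tarball stops matching, a per-file comparison shows whether only the repository-stamped Date/Publication line changed or whether another file (such as a Makevars) differs too. The function names, the package contents and the first timestamp are constructed for illustration; treating only Date/Publication as repository metadata is an assumption.

```python
import hashlib
import io
import tarfile

# DESCRIPTION lines treated as repository-added metadata. Only Date/Publication
# is named in the thread; extend the tuple if your repository stamps more fields.
VOLATILE = (b"Date/Publication:",)

def member_digests(tar_bytes):
    """Map each file path to the SHA-256 of its content, ignoring VOLATILE lines."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for m in tar:
            if not m.isfile():
                continue
            data = tar.extractfile(m).read()
            if m.name.split("/")[1:] == ["DESCRIPTION"]:  # top-level DESCRIPTION only
                data = b"".join(l for l in data.splitlines(keepends=True)
                                if not l.startswith(VOLATILE))
            digests[m.name] = hashlib.sha256(data).hexdigest()
    return digests

def compare(a, b):
    """Return (archive_checksums_match, paths whose normalized content differs)."""
    da, db = member_digests(a), member_digests(b)
    changed = sorted(p for p in da.keys() | db.keys() if da.get(p) != db.get(p))
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest(), changed

def make_tarball(files):
    """Build a .tar.gz in memory from {path: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

# Constructed stand-ins for downloads of the same version; not the real files.
DESC = b"Package: Matrix\nVersion: 1.2-12\nDate/Publication: %s\n"
first = make_tarball({"Matrix/DESCRIPTION": DESC % b"2017-11-17 00:00:00 UTC",
                      "Matrix/src/Makevars": b"PKG_FLAGS=-DEXAMPLE\n"})
restamped = make_tarball({"Matrix/DESCRIPTION": DESC % b"2017-11-20 18:57:47 UTC",
                          "Matrix/src/Makevars": b"PKG_FLAGS=-DEXAMPLE\n"})
hotfixed = make_tarball({"Matrix/DESCRIPTION": DESC % b"2017-11-20 18:57:47 UTC",
                         "Matrix/src/Makevars": b"PKG_FLAGS = -DEXAMPLE\n"})

if __name__ == "__main__":
    print(compare(first, restamped))  # archive checksum differs, no file differs
    print(compare(first, hotfixed))   # archive checksum differs, Makevars differs
```

A non-empty list of changed paths is the signal to review the diff before updating a pinned checksum.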