flatpak-node-generator fails with sha1 integrity check
Closed this issue · 11 comments
flatpak-builder version
1.2.0
Linux distribution and version
Ubuntu 20.04
Affected flatpak-builder tool
node/flatpak-node-generator.py
flatpak-builder tool cli args
--no-requests-cache --no-xdg-layout
Source repository URL
https://raw.githubusercontent.com/cinnyapp/cinny/v2.2.0/package-lock.json
Flatpak-builder manifest URL
https://raw.githubusercontent.com/flathub/in.cinny.Cinny/master/in.cinny.Cinny.yml
Description
I have updated my dependency (@matrix-org/olm) and it has sha1 integrity hash now. Now builder seems to be failing when processing that dependency to generate node sources.
Logs: https://github.com/flathub/in.cinny.Cinny/actions/runs/3073712103/jobs/4966018497#step:12:3399
It seems like it breaks because the @matrix-org/olm package comes from gitlab registry.
@refi64 I suppose we'll need to support custom registries after all.
It was working until we updated that dep https://github.com/flathub/in.cinny.Cinny/actions/runs/3040072469/jobs/4895703549#step:12:2543
I think it was working because @matrix-org/olm was pinned to an exact tarball url, not to a registry version.
ah.. that could be it.
It's still failing on that dependency https://github.com/kfiven/in.cinny.Cinny/actions/runs/3117155528/jobs/5055610309#step:12:886
Hmm. My guess it's because you're downloading the package-lock.json file alone (thus the generator doesn't see the .npmrc). Try recursively cloning the whole cinnyapp/cinny-desktop git repo instead.
I also tried https://github.com/kfiven/in.cinny.Cinny/actions/runs/3117132385/jobs/5055566981#step:12:49 downloading .npmrc file along with lock file but still failed. (Could it be that .npmrc has extra info in addition to registry?)
Cloning the whole repo worked. Thanks!