Hi, When trying to package some dependencies for a new version of Nanoc, I noticed that some gems start to ship SHA256 digests instead of SHA1 in addition to SHA512. This happens for example with the ddmetrics gem https://rubygems.org/gems/ddmetrics As a consequence, gem2deb fails on such gems with the following error. ddmetrics doesn't seem to exist. Let's try to download it with 'gem fetch ddmetrics' gem fetch ddmetrics Fetching: ddmetrics-1.0.0.gem (100%) Downloaded ddmetrics-1.0.0 -- Creating source tarball from ddmetrics-1.0.0.gem ... tar xfm /tmp/ddmetrics-1.0.0.gem /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:131:in `block (2 levels) in verify_and_strip_checksums': undefined method `[]' for nil:NilClass (NoMethodError) from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:130:in `each' from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:130:in `block in verify_and_strip_checksums' from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:128:in `each' from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:128:in `verify_and_strip_checksums' from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:85:in `block in extract_gem_contents' from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:83:in `chdir' from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:83:in `extract_gem_contents' from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:67:in `convert!' from /usr/lib/ruby/vendor_ruby/gem2deb/gem2tgz.rb:33:in `convert!' from /usr/bin/gem2deb:114:in `<main>' I am considering adding Digest::SHA256 to the list of digests tested in gem2tgz and skip the checksum computation if the digest name is not a key of the hash read from the YAML file. What do you think? Cédric
Attachment:
signature.asc
Description: PGP signature