Hosting binary 'source' tarballs

A while ago I have packaged Softmaker Office and FreeOffice, both are closed source, but are pretty useful (as least to me) because they have fairly good Office compatibility. The derivations work fine, except that they break regularly, because the source tarballs are replaced. E.g., at some point the release version is 972 with the corresponding download URL

Then then Softmaker Office is updated, and not only do they release a new tarball such as:

But the previous version’s tarball is 301-redirected to the new version. Of course, this breaks the derivation until the hash is updated. I asked about this, and they seem to do redirections because people click on links in older release emails:

They suggest hosting the source tarballs ourselves to avoid that hashes change. Is such a facility available?

1 Like

Well, there is but not sure that’s actually intended for non-free software, as that could easily violate licences.

1 Like

There are some derivations where is leveraged, such as nixpkgs/default.nix at 0d7ca4ff088a55fd53825b9518e868b3e6d9ba33 · NixOS/nixpkgs · GitHub - maybe that’s an option.

1 Like

That’s a nice idea, though I guess for new releases one would have to wait some time before they become available?

Another option that I have considered is asking them if we could use GitHub releases. I could make a new repository, commit/tag some metadata, and upload the releases. This is e.g. how spaCy distribute models.

Yeah, that could work. The question is mostly of trust - if upstream already provides binary blobs for sth, it would be nicer to not have the need to trust some additional third party (in this case you, also depends on whether the tarballs are signed or not and the license). The workaround was mostly due to license and trust.

memtest86 falls into this category as well:

For one of my derivations i used the ability to upload packages onto ( ). This could also be used if the webspace is rejecting the bot or the file is too large for scraping.

Similarly, I’ve got a derivation for the Obsidian X cursor theme, since it’s a solid theme and I was missing it from Gentoo. The OpenDesktop sites used to allow direct downloading, but they seem to have stopped, and an email I sent to them went unanswered. The package itself is derived from another GPLv2+ theme so hosting it isn’t a problem legally. Is there a service for cases like this? Is this

(Of course, I’m scratching a personal itch here, I’d understand if we don’t want tons of random themes in Nixpkgs.)

Just wanted to mention that this is now resolved for SoftMaker Office. They do not replace tarballs for older versions anymore:

1 Like