mono: migrate source to GitHub tag via gs:// mirror (6.12.0.199 → 6.12.0.206)#233
Open
bryan-minimal wants to merge 1 commit into
Open
mono: migrate source to GitHub tag via gs:// mirror (6.12.0.199 → 6.12.0.206)#233bryan-minimal wants to merge 1 commit into
bryan-minimal wants to merge 1 commit into
Conversation
…→ 6.12.0.206 Migrate mono off download.mono-project.com — a Microsoft-archived Azure blob (last modified 2024-05) that may disappear and leave the package unsourceable — to our archive bucket, sourced from the GitHub tag. The mono/mono repo has no GitHub release asset, and the auto-generated archive omits the external/ submodules, so the source is a prepared `git archive --recurse-submodules` of tag mono-6.12.0.206 (commit 0cbf0e2) bundling the full source + submodule trees (boringssl/bdwgc/llvm-project/cecil), mirrored at gs://minimal-staging-archives/mono/mono/. sha256 pinned. .199 only ever existed as a mono-project.com release blob, so it can't be sourced from GitHub; bumped to the latest tag .206 (7-commit patch range). build.sh: the prepared tarball ships the raw tag tree (no generated configure), so it now runs ./autogen.sh first (adds the m4 build dep), and strips the AppleDouble ._* sidecar files the macOS archiver scattered through the tree (they break mono's *.cs glob with CS1056 on e.g. external/cecil/.../._TextMap.cs). Locally built (clean room, arm64/linux) through fetch → sha256 → autogen → configure → make, past the external/cecil class-lib compile that the ._* strip fixes; buildbot runs the full build. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
📝 WalkthroughWalkthroughMono is updated from version 6.12.0.199 to 6.12.0.206 with a source location change from a Microsoft-hosted tar.xz to a Google Cloud Storage tar.gz archive. The build script is adapted to extract the new format, remove macOS metadata sidecar files, and regenerate autotools before building. ChangesMono Build Configuration and Script
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
bryan-minimal
added a commit
that referenced
this pull request
Jun 10, 2026
Deep dive on the license_spdx coverage gap, two threads: 1. Manual queue — the "undetectable" packages askalono + the GitHub license API miss (custom LICENSE text, prebuilt binaries with no scannable source, or no upstream metadata). Declared canonical SPDX for 53 via per-package upstream-LICENSE verification: sqlite=blessing, postgres=PostgreSQL, redis=AGPL-3.0/SSPL (v8 era), terraform=BUSL-1.1, jdk=GPL-2.0 WITH Classpath-exception, pcre2=BSD-3 WITH PCRE2-exception, etc. bc corrected to BSD-2-Clause (the pinned 7.x is Gavin Howard's bc, not GNU bc). graphviz held at EPL-1.0 (the EPL-2.0 relicense postdates the pinned 14.1.1). 3 stay undeclared with cause: android-sdk + claude-code (proprietary, no SPDX id), zsh (custom permissive license, no SPDX id). 7 internal/meta packages (base, toolchain, ...) and mono (rides with PR #233) excluded by design. 2. Compound-expression audit — the whole-tarball askalono scan over-matches, folding license text from vendored deps / test fixtures / data files / per-file headers into AND-joined expressions. Verified all 13 compounds against the real upstream LICENSE files: - false positives dropped: py-packaging (Pixar — matched packaging's OWN _spdx.py id lookup table, not a grant), tcl (SMLNJ), dbus (BSD-3-Clause-HP + FSFULLRWD — 0 hits across the source tree), libffi (GPL from build files) - AND->OR for choose-one duals: cairo, gmp, nettle, less, zstd - restored dropped options: gmp + nettle LGPL - precise exceptions: socat (openvpn-openssl-exception), autoconf (Autoconf-exception-generic-3.0) - dbus kept as (AFL-2.1 OR GPL-2.0-or-later) AND GPL-2.0-or-later: the package ships GPL-only dbus-* tools alongside the dual-licensed core. Coverage 96.5% (327/339 packages). All 368 parse (minimal dump --packages). Every declared id re-validated against the canonical SPDX list (729 licenses + 85 exceptions). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
mono: migrate source to GitHub tag + gs:// mirror
Migrates mono off
download.mono-project.com— a Microsoft-archived Azure blob (last modified 2024-05) that could vanish and leave the package unsourceable — to our archive bucket, sourced from the GitHub tag. (task #134)What changed
gs://minimal-staging-archives/mono/mono/mono-%{version}.tar.gz, a preparedgit archive --recurse-submodulesof GitHub tagmono-6.12.0.206(commit0cbf0e2). The mono/mono repo has no release asset and the GitHub auto-archive omits theexternal/submodules, so the prepared tarball bundles the full source + submodule trees (boringssl / bdwgc / llvm-project / cecil / …). sha256 pinned.6.12.0.199 → 6.12.0.206..199only ever existed as a mono-project.com release blob, so it can't be sourced from GitHub at all; moved to the latest tag (a 7-commit patch range).build.sh:.tar.xz→.tar.gz.configure), so it now runsNOCONFIGURE=1 ./autogen.shfirst to regenerate the autotools build system (+m4build dep, matchingpackages/check).._*sidecar files the macOS archiver scattered through the tree — mono's*.csglob otherwise feeds these binary sidecars to the C# compiler (CS1056 "unexpected character"on e.g.external/cecil/Mono.Cecil.PE/._TextMap.cs).Verification (built locally before opening)
Clean-room build (
minimal package mono, arm64/linux) verified end-to-end through fetch → sha256 verify → extract →._*strip →autogen.sh→configure→make, past theexternal/cecilclass-lib compile that the._*strip fixes. Handing the full build to buildbot from here (faster than a local machine for mono).Reviewer notes
._*strip is defensive and recurrence-safe (protects any future macOS-prepared mono tarball). The alternative is re-uploading a cleaned tarball with a new sha256 — happy to switch if you'd rather the hosted artifact be._*-free at rest.source_provenancestaysGithubRepo mono/mono(consistent with howage/acl/etc. declare a GithubRepo provenance while sourcing the bytes from thegs://mirror).🤖 Generated with Claude Code
Summary by CodeRabbit