ccemux: mark broken (download fails hash validation)

[ghost]

This package's FOD fails hash validation.

[kirillrdy]

can we update hash ?

[ghost]

Since I don't use this software I am not qualified to decide if that's safe.

Usually the best course here is to mark the package as broken and if nobody steps up, let the package get garbage-collected. If somebody does step up to audit the mysteriously-changed binary jarfile, and wants to take the reputational risk upon themselves, more power to them!

[kirillrdy]

maybe @viluon can have a look ( last committer ), otherwise I agree with your assessment

[superherointj]

I agree with @amjoseph-nixpkgs . My nitpick is to open a tracking issue and reference it. So discussions of fixing that package happens in that issue. And add the day the breakage is being reported.

[MCJack123]

Upstream doesn't do version control on binaries AFAIK. The maintainer will have to be on top of version bumps to avoid this issue from happening. I don't use Nix, so I don't know if this is an option (probably isn't), but it may also be necessary to skip checking hashes to avoid breakages between updates.

Disregard this, I've been corrected.

[viluon]

Nah, see CCEmuX/CCEmuX#167. Thanks @kirillrdy for the mention.

[viluon]

Per @SquidDev's response, it should be safe to just update the hash, although the package will remain flaky.

I agree that a full Nix build would be better, maybe the original packager @CrazedProgrammer has tried this in the past? I've had little luck with Gradle builds in Nix myself, but maybe this is a simple enough project that it could work.