Skip to content

openark@1.5.2: Fix checkver & autoupdate URLs, update homepage & description #16446

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

openark@1.5.2: Fix checkver & autoupdate URLs, update homepage & description #16446

wants to merge 1 commit into from

Conversation

@SorYoshino
Copy link
Contributor

@SorYoshino SorYoshino commented Oct 23, 2025
edited by coderabbitai bot
Loading

Summary

Switch download sources to the official OpenArk server, uses SHA1 hashes instead of SHA256, and modifies the homepage and version checking method accordingly.

Related Issue

Changes

  • Update homepage URL
  • Change download source to file.blackint3.com:88
  • Replace SHA256 with SHA1 hashes (per upstream)

Testing

┏[ D:\Software\Scoop\Local\apps\scoop\current\bin][ master ≡]
└─> .\checkver.ps1 -App openark -Dir "D:\Temporary\Software\Microsoft\Windows Sandbox\Repositories\Scoop\Buckets\Extras\bucket" -f
openark: 1.5.2 (scoop version is 1.5.2)
Forcing autoupdate!
Autoupdating openark
DEBUG[1761225938] [$updatedProperties] = [hash url] -> D:\Software\Scoop\Local\apps\scoop\current\lib\autoupdate.ps1:491:5
DEBUG[1761225938] $substitutions (hashtable) -> D:\Software\Scoop\Local\apps\scoop\current\lib\autoupdate.ps1:221:5
DEBUG[1761225938] $substitutions.$majorVersion                  1
DEBUG[1761225938] $substitutions.$matchHead                     1.5.2
DEBUG[1761225938] $substitutions.$minorVersion                  5
DEBUG[1761225938] $substitutions.$matchTail
DEBUG[1761225938] $substitutions.$preReleaseVersion             1.5.2
DEBUG[1761225938] $substitutions.$urlNoExt                      http://file.blackint3.com:88/openark/files/openark/OpenArk-v1.5.2/OpenArk32
DEBUG[1761225938] $substitutions.$baseurl                       http://file.blackint3.com:88/openark/files/openark/OpenArk-v1.5.2
DEBUG[1761225938] $substitutions.$dashVersion                   1-5-2
DEBUG[1761225938] $substitutions.$buildVersion
DEBUG[1761225938] $substitutions.$underscoreVersion             1_5_2
DEBUG[1761225938] $substitutions.$basenameNoExt                 OpenArk32
DEBUG[1761225938] $substitutions.$basename                      OpenArk32.exe
DEBUG[1761225938] $substitutions.$url                           http://file.blackint3.com:88/openark/files/openark/OpenArk-v1.5.2/OpenArk32.exe
DEBUG[1761225938] $substitutions.$cleanVersion                  152
DEBUG[1761225938] $substitutions.$match1                        1.5.2
DEBUG[1761225938] $substitutions.$patchVersion                  2
DEBUG[1761225938] $substitutions.$dotVersion                    1.5.2
DEBUG[1761225938] $substitutions.$version                       1.5.2
DEBUG[1761225938] $hashfile_url = http://openark.blackint3.com:88/release/openark-v152 -> D:\Software\Scoop\Local\apps\scoop\current\lib\autoupdate.ps1:224:5
Searching hash for OpenArk32.exe in http://openark.blackint3.com:88/release/openark-v152
DEBUG[1761225939] $regex = >OpenArk32\.exe</a>\s*([a-fA-F0-9]{40})\s*\(SHA1\) -> D:\Software\Scoop\Local\apps\scoop\current\lib\autoupdate.ps1:78:9
Found: sha1:0f76966e55087a1ba4bdd567a44e6eca1f385d63 using Extract Mode
... ...
Writing updated openark manifest

┏[ D:\Temporary\Software\Microsoft\Windows Sandbox\Repositories\Scoop\Buckets\Extras\bucket][  openark ≢  ~1]
└─> scoop install .\openark.json
Installing 'openark' (1.5.2) [64bit] from 'D:\Temporary\Software\Microsoft\Windows Sandbox\Repositories\Scoop\Buckets\Extras\bucket\openark.json'
Loading OpenArk64.exe from cache.
Checking hash of OpenArk64.exe ... ok.
Linking D:\Software\Scoop\Local\apps\openark\current => D:\Software\Scoop\Local\apps\openark\1.5.2
Creating shortcut for OpenArk (OpenArk.exe)
'openark' (1.5.2) was installed successfully!

  • Use conventional PR title: <manifest-name[@version]|chore>: <general summary of the pull request>
  • I have read the Contributing Guide

Summary by CodeRabbit

  • Chores
    • Updated OpenArk download endpoints and verification mechanisms for improved reliability and security of binary distribution channels.

@coderabbitai
Copy link

coderabbitai bot commented Oct 23, 2025
edited
Loading

Walkthrough

The bucket/openark.json manifest file was updated to reflect new binary download locations and hashes. Changes include updated checkver source URL with new regex, refreshed autoupdate URLs and SHA1 hashes for both 64-bit and 32-bit architectures, and a new hash lookup scheme for automated verification.

Changes

Cohort / File(s) Summary
OpenArk metadata update
bucket/openark.json		 Updated description and homepage text; refreshed download URLs and SHA1 hashes for 64-bit and 32-bit binaries; changed checkver source from GitHub to direct HTTP release URL with new regex; updated autoupdate paths to new file host; added hash lookup scheme for release page

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested labels

review-needed

Suggested reviewers

  • z-Fng

Poem

🐰 URLs and hashes update today,
New hosts for binaries on their way,
Checksums verified, SHA1 in place,
OpenArk speeds up the race! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Title Check ✅ Passed The pull request title "openark@1.5.2: Fix checkver & autoupdate URLs, update homepage & description" directly summarizes the main changes in the changeset. According to the raw summary, the primary modifications include updating checkver sources from GitHub to a direct HTTP URL, updating autoupdate URLs to point to a new file host, adding a hash lookup scheme, and updating the homepage and description. The title accurately captures all these key changes using the conventional format <manifest-name@version>: <summary>. The title is concise, clear, and specific enough for a teammate to understand the primary purpose of the change without needing to review the full changeset.
Description Check ✅ Passed The pull request description aligns well with the template requirements. It includes a clear Summary section explaining the main objective (switching to the official OpenArk server with SHA1 hashes), a Related Issue section referencing #16379, and a Changes section detailing the modifications. Most importantly, both required checkboxes are completed: the contributor confirms using the conventional PR title format and states they have read the Contributing Guide. The description goes beyond minimum requirements by including detailed Testing evidence with debug output and verification of the installation, demonstrating thorough validation of the changes.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fbf97a3 and 6201fec.

📒 Files selected for processing (1)
  • bucket/openark.json (2 hunks)
🧰 Additional context used
🧠 Learnings (1)
📓 Common learnings 
Learnt from: o-l-a-v
PR: ScoopInstaller/Extras#16378
File: bucket/compactgui.json:20-22
Timestamp: 2025-10-19T13:58:23.389Z
Learning: In the ScoopInstaller/Extras repository, the CompactGUI manifest removed hash verification from the autoupdate block because the hash verification mechanism (scraping SHA-256 from release page HTML) is no longer available in newer CompactGUI releases. GitHub asset digests exist in beta releases but not in v3.8.0, and Scoop doesn't have built-in support for extracting from GitHub API asset digests.
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: WindowsPowerShell
  • GitHub Check: PullRequestHandler
🔇 Additional comments (5)
bucket/openark.json (5)

3-4: Metadata updates look good.

The description and homepage changes are appropriate for the upstream source migration.

8-9: Binary URLs and hashes verified by testing.

The contributor tested the hash validation during local installation, confirming the SHA1 values are correct.

Note: All new URLs use HTTP on non-standard port 88 rather than HTTPS. While this reduces security posture, it appears to match the upstream infrastructure constraints. Ensure this is acceptable for your security policy.

Also applies to: 12-13

23-24: Verify checkver regex matches the release page HTML.

The regex pattern (?i)>OpenArk\\s*v([\\d.]+)< assumes a specific HTML structure on the release page. While the PR mentions testing with checkver.ps1, please confirm:

  1. The actual release page HTML matches this pattern.
  2. The regex reliably extracts version numbers from http://openark.blackint3.com:88/release/.

If the upstream changes the HTML format in the future, this check will silently fail to detect new versions.

29-29: Autoupdate URLs follow the correct pattern.

The $version substitution matches the hardcoded URLs in the architecture section and should work correctly for future releases.

Also applies to: 32-32

35-38: HTML-based hash extraction is fragile; verify against actual release page.

This new mechanism extracts SHA1 hashes by scraping the upstream release page HTML using a regex pattern. This approach has two key risks:

  1. Fragility: If upstream changes the HTML structure or format (extra spaces, different tags, etc.), the regex will fail to extract the hash. The contributor tested that checkver.ps1 runs and finds a hash, but this doesn't confirm the regex pattern matches the actual HTML.

  2. $cleanVersion substitution: The URL uses $cleanVersion to convert "1.5.2" → "152". Verify this Scoop variable substitution produces the expected path.

Related learning from CompactGUI (PR #16378): hash verification was removed when the upstream mechanism became unavailable. This approach has similar brittle HTML-scraping characteristics.

Please confirm:

  • The actual release page HTML at http://openark.blackint3.com:88/release/openark-v152 matches the regex pattern ">$basename</a>\\s*$sha1\\s*\\(SHA1\\)".
  • Hash extraction was tested live (not just relying on pre-cached hashes from the architecture section).

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions
Copy link
Contributor

github-actions bot commented Oct 23, 2025

All changes look good.

Wait for review from human collaborators.

openark

  • Lint
  • Description
  • License
  • Hashes
  • Checkver
  • Autoupdate
  • Autoupdate Hash Extraction

Check the full log for details.

@z-Fng z-Fng mentioned this pull request Oct 23, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

review-needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@SorYoshino