Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gradle 2.7 distributionSha256Sum not validating? #7

Closed
msgilligan opened this issue Sep 14, 2015 · 5 comments
Closed

Gradle 2.7 distributionSha256Sum not validating? #7

msgilligan opened this issue Sep 14, 2015 · 5 comments

Comments

@msgilligan
Copy link
Member

I upgraded to Gradle 2.7 today and discovered and reported this issue to Gradle.org:

https://discuss.gradle.org/t/distributionsha256sum-not-validating-in-gradle-2-7/11649

We can use this issue to track progress and remind us to fix it.
@dexX7
Copy link
Member

dexX7 commented Sep 14, 2015

Did you really download gradle-2.7-bin.zip, when you run ./gradlew, or could it be that the wrapper used an already cached package?

I changed the distributionSha256Sum, and the verification worked as expected (i.e. failed):

$ ./gradlew 
Downloading https://services.gradle.org/distributions/gradle-2.7-bin.zip
...
Verification of Gradle distribution failed!

Your Gradle distribution may have been tampered with.
Confirm that the 'distributionSha256Sum' property in your gradle-wrapper.properties file is correct and you are downloading the wrapper from a trusted source.

 Distribution Url: https://services.gradle.org/distributions/gradle-2.7-bin.zip
Download Location: ~/.gradle/wrapper/dists/gradle-2.7-bin/4s0fcuuppw3tjb1sxpzh16mne/gradle-2.7-bin.zip
Expected checksum: 'cde43b90945b5304c43ee36e58aab4cc6fb3a3d5f9bd9449bb1709a68371cb08'
  Actual checksum: 'cde43b90945b5304c43ee36e58aab4cc6fb3a3d5f9bd9449bb1709a68371cb06'

However, after resetting the file hash, and properly downloading everything, changing the hash had no effect.

@msgilligan
Copy link
Member Author

I see. Looks like my mistake. I'll try changing the hash, removing the download, and trying again.

@msgilligan
Copy link
Member Author

Yes, changing the hash in gradle-wrapper.properties then running:

rm -rf ~/.gradle/wrapper/dists/gradle-2.7-bin/

catches the error.

They made a performance enhancement in 2.7 that prevents the same test I used on 2.6 from verify their verification

It would be nice if there was an option to force the check. I made that request on the resolved issue. We'll see if the notice.

@msgilligan
Copy link
Member Author

Sterling from Gradle says we can force a check by

by just running a single build with a different gradle user home (e.g., gradlew -g /path/to/somewhere help).

@chagai95
Copy link

don't know why commenting was locked here renovatebot/renovate#6187

but solution 2 worked for me, just deleted the line, all the rest was too complicated, so if anyone like me just wants to get it to work just delete the distributionSha256Sum line in gradle-wrapper.properties

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@msgilligan @dexX7 @chagai95