-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The source tarball for podman 2.2.1 now has different checksum #9355
Comments
@cevich PTAL |
Whoa, I think I just barely understand what's happening here 😕 I'm not sure what/where the problem and what/where needs fixing (if it's even possible). Does podman just need to vendor a later commit of |
Update: Yeah, this seems like a github.com (source-archive via URI) facility that we have no control over. What am I missing/not understanding? |
The "best" would be to remove the vendor/k8s.io/client-go/pkg/version/.gitattributes file,
See https://github.com/kubernetes/client-go/archive/78d2af792babf2dd937ba2e2a8d99c753a5eda89.tar.gz We can also just close the issue, since it will be "a while" before another digit is added. We did this once before, when the "libpod" directory was changed to "podman": See Sometimes I miss distfiles and FTP... You ran Other projects just delete the whole vendor dir, and git-ignore it. Then it's really "hope for the best", to reproduce. |
Here is the same thing in Fedora: https://src.fedoraproject.org/rpms/podman/blob/f32/f/sources
It uses more bits and the wrong filename, but the fail is the same: cf9c1c11d0a83de12a6840536040ab202e8b8d626ec6afd77f85629f72dd3a178a4911e02ffafbe9581df2b6d69524528eb2eb621e7d62ab3a261ada51f184e3 v2.2.1.tar.gz Luckily, fedora also saves the .src.rpm with the original tarball. |
So if I understand correctly, the problem is that the checksum of the source tarball changes depending on *when it's downloaded from the GitHub whiz-bang source-archiver URL This is because a file under the @vrothberg if we remove the Seems it will also be a hassle when we need to vendor in a new version, someone will need to remember to manually edit that file 😕 |
Wow!
Try it :) I think yes but I may be wrong. |
If you can live with it being wrong, then it can probably stay just the way it is for some time longer. :-) Unfortunately it is not really deterministic, when git decides to add another significant digit to describe. |
I actually don't know where this version is used. But just like the 70's podman, it's probably ignored ?
Not sure exactly where podman would use the Kubernetes version. As far as I know, only tools/utils ?
|
Maybe we can prune the dependency :) |
I think we can prune the dependency. By what I can see, we're pulling this dependency for @mheon, can you confirm? |
If we can, that would be quite nice - it's a large dependency that we don't really need. |
prune a dependency that was only being used for a simple struct. Should correct checksum issue on tarballs [NO TESTS NEEDED] Fixes: containers#9355 Signed-off-by: baude <bbaude@redhat.com>
prune a dependency that was only being used for a simple struct. Should correct checksum issue on tarballs [NO TESTS NEEDED] Fixes: containers#9355 Signed-off-by: baude <bbaude@redhat.com>
prune a dependency that was only being used for a simple struct. Should correct checksum issue on tarballs [NO TESTS NEEDED] Fixes: containers#9355 Signed-off-by: baude <bbaude@redhat.com>
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
The checksum of the release tarball changed, causing verification in build scripts to fail.
Steps to reproduce the issue:
curl -RLOJ https://github.com/containers/podman/archive/v2.2.1.tar.gz
sha256sum podman-2.2.1.tar.gz
Describe the results you received:
3212bad60d945c1169b27da03959f36d92d1d8964645c701a5a82a89118e96d1 podman-2.2.1.tar.gz
Describe the results you expected:
bd86b181251e2308cb52f18410fb52d89df7f130cecf0298bbf9a848fe7daf60 podman-2.2.1.tar.gz
Additional information you deem important (e.g. issue happens only occasionally):
The actual code is functionally the same, but source verification fails.
Output of
podman version
:Output of
podman info --debug
:Package info (e.g. output of
rpm -q podman
orapt list podman
):Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?
Yes/No
Additional environment details (AWS, VirtualBox, physical, etc.):
Buildroot
It seems like one of the files in the distribution has some magic git attributes set:
This causes it to replace some of the text, when the git archive is created:
And since the number of significant digits in podman changed, it now fails:
Note that it is using the podman commit, and not the client-go commit.
i.e. a0d478e not 78d2af792bab
The text was updated successfully, but these errors were encountered: