Skip to content
This repository has been archived by the owner on Mar 14, 2023. It is now read-only.

Bintray consistently providing distribution with incorrect checksum #132

Closed
sparksis opened this issue Apr 1, 2018 · 5 comments
Closed

Bintray consistently providing distribution with incorrect checksum #132

sparksis opened this issue Apr 1, 2018 · 5 comments

Comments

@sparksis
Copy link

sparksis commented Apr 1, 2018
edited
Loading

As noted in the title, I've downloaded multiple distributions from bintray and all did not match the checksum...

root@colton-dev:/home/colton/Downloads# cat apache-groovy-binary-2.6.0-alpha-3.zip.sha256
13030011ef4f08ac99aec2f3cb287a5305f53c1f364a89e3a2611d7750160c80
root@colton-dev:/home/colton/Downloads# sha256sum apache-groovy-binary-2.6.0-alpha-3.zip
afc991be459de226523cf18cc76361b546a20a912ae48e1247371f6df14fa18d  apache-groovy-binary-2.6.0-alpha-3.zip
root@colton-dev:/home/colton/Downloads# sha256sum /home/colton/Downloads/apache-groovy-binary-2.6.0-alpha-3\ \(1\).zip
13030011ef4f08ac99aec2f3cb287a5305f53c1f364a89e3a2611d7750160c80  /home/colton/Downloads/apache-groovy-binary-2.6.0-alpha-3 (1).zip
root@colton-dev:/home/colton/Downloads# cat /home/colton/Downloads/apache-groovy-binary-2.4.15.zip.sha256
bd4ca37a4d1b3704526d56fc48c119a8f70d418093d8703724407d65250f4aed
root@colton-dev:/home/colton/Downloads# sha256sum /home/colton/Downloads/apache-groovy-sdk-2.4.15.zip
621001284d8fe32970168b0bfa21e2de04517f357826d663f8bbd6d40260a86c  /home/colton/Downloads/apache-groovy-sdk-2.4.15.zip

image
@sparksis
Copy link
Author

sparksis commented Apr 1, 2018

As a note, the most concerning thing about this is that the distribution from the giant Download button goes exclusively to bintray.

@paulk-asert
Copy link
Member

Wow, I hadn't spotted that before. Normally, the zips and checksums should be identical regardless of whether you download them from Apache or Bintray, e.g. do your experiment with 2.4.14 and you will see they are the same. For 2.4.15 I had a disk crash midway through the release and for e.g. 2.6.0-alpha-3, Daniel was the release manager but had troubles with one step, so I did one step from my machine. In both cases, we slipped up - a zip with identical contents but different timestamps was loaded in each case.

Short-term please check Apache zips against the Apache checksum and Bintray zips against the Bintray checksum (just append ".sha256" to the bintray zips url). I'll see if we can't get things rectified in the meantime.

@gmcdonald
Copy link

Note that Apache Groovy is doing two things wrong here apart from the mismatched zips.

  1. You should be using apache.bintray.com and not akamai.bintray.com
  2. This very github repos is not the official Groovy repos but https://github.com/apache/groovy and so this should be closed down to avoid confusion and duplication.

@paulk-asert
Copy link
Member

Hi Gav, not sure what akamai.bintray.com is, we have a special groovy account for bintray. Is there some doco on how to access the apache one somewhere?
Wrt the website, yes we have the apache replacement repo for the website set up for quite some time now but I just haven't found the time to populate it properly yet (just bare bones info for the dev side and nothing for the user side which remains in this repo) and no-one else has offered to date. I am planning to make it higher priority for me after I get 2.5.0 out the door as it is long overdue.

@paulk-asert
Copy link
Member

I'll close this since we identified and fixed what was causing the checksum errors.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@paulk-asert @gmcdonald @sparksis