New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The checksum verification of the file failed (downloaded from https://repo.magento.com/archives/vertex/sdk/vertex-sdk-1.0.0.0.zip) #19283
Comments
Hi @andkirby. Thank you for your report.
Please make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, please, add a comment to the issue:
where @andkirby do you confirm that you was able to reproduce the issue on vanilla Magento instance following steps to reproduce?
|
After the command
|
Hi @engcom-backlog-nazar. Thank you for working on this issue.
|
Hi @andkirby , thank you for you report, The GitHub issue tracker is intended for Magento Core technical issues only. |
@engcom-backlog-nazar This should be considered a Magento Core Technical issue. That package is hosted on repo.magento.com and it's a default Magento dependency. |
@giacmir ok, i'm understand, but now i'm try to update vertex and have no error with checksum. |
The issue happens when you have What I'm reporting is that in some occasions packages in repo.magento.com change their content without a change in the version number (possibily some If you install Magento now it works, if you installed it, say, three days ago and today you do a |
@giacmir thanks now clear. I'm leave this open |
In case someone is looking for a temporary workaround:
Update your composer.lock vertex/sdk entry with that sha and you should be good to go. |
Cannot find
May be this idea is right: "Probably there is some procedure (manual or automatic) that is failing." |
The same... I've decided to create archive as a workaround.
If you lost source files -- I can share. |
@MichaelThessel, there is a bit easier way to update your
Actually, there are several broken packages. |
Magento 2.3.0 is here:
no more |
I started my project with the 2.3 beta (now running the actual 2.3 version) and just had the checksum mismatch happen to me. It was fixed by deleting the vendor/vertex/sdk which somehow forced composer to re-download the actual package and update with the correct checksum. The The @MichaelThessel trick is also a good one to check if everything is fine. Why we have to go through all that is beyond me, though. |
Hi @dmytro-ch. Thank you for working on this issue.
|
@dmytro-ch Thank you for verifying the issue. Based on the provided information internal tickets |
This package vertex/sdk 1.0.0 hasn't been changed since ~ Nov 19th, but it is likely that the same version was overridden which was live. We are looking into the publication process if an identical package and version is being re-zipped and overwriting it even if there are no changes. Note: re-zipping same contents can change the shasum of the zip file even if there were no changes. The correct shasum here is 6c7ed091879e66d75faf95fed7e48751693c68c7 If you are running into shasum error here, try composer clear-cache and/or updating the composer.lock file with the aforesaid shasum for this package. |
This issue is not reproducible on 2.3 |
To make it work (this is not fix, this is to bypass someone's bad decisions):
That will download new zip, with different checksum. I'm pissed of changing module files without changing the version, that is bad practise and it's not only for the That problem blocked our team for a good chunk of time and I understand the frustration of developers on that subject, especially those, who use deployment process installing packages on infrastructure with multiple machines. I think it is ridiculous that such things are happening. |
@rafael-shkembi - It happened to me yesterday on 2.3 instance. Personally I think, that this issue is Magento independent and can only be truly fixed by applying the authors of the package to good practices. The bad part is that they cannot roll back it, because one half of developers updated the package and second half have not and one package cannot exist in two checksum simultaneously. We can only have hope that this will never happen again. |
It seems this issue has been already fixed and cannot be reproduced on the latest codebase. |
Hi @sdzhepa, thanks for the update. That's about composer repository only. |
Summary (*)
Magento v2.2.5
We are trying to install
vertex/sdk
package within Magento2 regular installation from existcomposer.lock
file.This packages requires
magento/product-community-edition
package through"vertex/module-tax": "^2.1.2"
.And we got an exception:
Examples (*)
This package description in
composer.lock
:Proposed solution
Please provide information why an archive has been updated and expected
shasum
value.Just for the record, the current
shasum
isc78a12a5a07994a88502eb09729605bc192d5840
.Thank you.
The text was updated successfully, but these errors were encountered: