Message ID | 20250807094204.3505777-1-dario.binacchi@amarulasolutions.com |
---|---|
State | New |
Headers | show |
Series |
|
Related | show |
Hi Dario, Thanks for the patch. I have few comments. On 07/08/2025 11:42, Dario Binacchi wrote: > I think the issue is caused by PR [1] being merged without a rebase, > which may have triggered an automatic re-generation of the tar.gz > archive. This wording suggests you are not sure. Looking at: https://sources.buildroot.net/ufs-utils/ufs-utils-7.14.12.tar.gz with hash: sha256 96cd578722830bc7d8a418d528a3067c0b80ad437f66c3333ebc238fe52436a2 ufs-utils-7.14.12.tar.gz and: https://github.com/SanDisk-Open-Source/ufs-utils/archive/v7.14.12/ufs-utils-7.14.12.tar.gz with hash: sha256 96d15ce4b0990049d812d24afc2a62240c1a4aa534ea6aebb5aebd34dccb2dac ufs-utils-7.14.12.tar.gz Running "diffoscope" on those two archives seems to point toward the upstream commit: https://github.com/SanDisk-Open-Source/ufs-utils/commit/989dcd297223d6896c5892532d14984326fa093d The file dates are also different inside the tar file. Could you reword the commit log to include those details, please? > Tests show that the tarball stored in Buildroot mirrors has a > SHA1 matching the one in the hash file, while the one downloaded from ^^^^ actually it is SHA256 (also below). > the SanDisk repository has a different SHA1: > > wget -nd -t 3 --connect-timeout=10 -O > '/home/dario/projects/buildroot/output/build/.ufs-utils-7.14.12.tar.gz.68J1WJ/output' > 'https://github.com/SanDisk-Open-Source/ufs-utils/archive/v7.14.12/ufs-utils-7.14.12.tar.gz' > --2025-08-07 11:07:32-- > https://github.com/SanDisk-Open-Source/ufs-utils/archive/v7.14.12/ufs-utils-7.14.12.tar.gz > Resolving github.com (github.com)... 140.82.121.4 > Connecting to github.com (github.com)|140.82.121.4|:443... connected. > HTTP request sent, awaiting response... 302 Found > Location: > https://codeload.github.com/SanDisk-Open-Source/ufs-utils/tar.gz/refs/tags/v7.14.12 > [following] > --2025-08-07 11:07:32-- > https://codeload.github.com/SanDisk-Open-Source/ufs-utils/tar.gz/refs/tags/v7.14.12 > Resolving codeload.github.com (codeload.github.com)... 140.82.121.10 > Connecting to codeload.github.com > (codeload.github.com)|140.82.121.10|:443... connected. > HTTP request sent, awaiting response... 200 OK > Length: unspecified [application/x-gzip] > Saving to: > ‘/home/dario/projects/buildroot/output/build/.ufs-utils-7.14.12.tar.gz.68J1WJ/output’ > > /home/dario/projects/buildroot/output/b [ <=> > ] 77.76K > --.-KB/s in 0.06s > > 2025-08-07 11:07:32 (1.32 MB/s) - > ‘/home/dario/projects/buildroot/output/build/.ufs-utils-7.14.12.tar.gz.68J1WJ/output’ > saved [79623] > > ERROR: while checking hashes from package/ufs-utils/ufs-utils.hash > ERROR: ufs-utils-7.14.12.tar.gz has wrong sha256 hash: > ERROR: expected: > 96cd578722830bc7d8a418d528a3067c0b80ad437f66c3333ebc238fe52436a2 > ERROR: got : > 96d15ce4b0990049d812d24afc2a62240c1a4aa534ea6aebb5aebd34dccb2dac > ERROR: Incomplete download, or man-in-the-middle (MITM) attack > wget -nd -t 3 --connect-timeout=10 -O > '/home/dario/projects/buildroot/output/build/.ufs-utils-7.14.12.tar.gz.HYpqKm/output' > 'https://sources.buildroot.net/ufs-utils/ufs-utils-7.14.12.tar.gz' > --2025-08-07 11:07:32-- > https://sources.buildroot.net/ufs-utils/ufs-utils-7.14.12.tar.gz > Resolving sources.buildroot.net (sources.buildroot.net)... > 2606:4700:20::681a:25, 2606:4700:20::ac43:4838, 2606:4700:20::681a:125, > ... > Connecting to sources.buildroot.net > (sources.buildroot.net)|2606:4700:20::681a:25|:443... connected. > HTTP request sent, awaiting response... 200 OK > Length: 79619 (78K) [application/x-gtar-compressed] > Saving to: > ‘/home/dario/projects/buildroot/output/build/.ufs-utils-7.14.12.tar.gz.HYpqKm/output’ > > /home/dario/projects/buildroot/output/b > 100%[===================================================================================>] > 77.75K --.-KB/s in 0.02s > > 2025-08-07 11:07:33 (4.96 MB/s) - > ‘/home/dario/projects/buildroot/output/build/.ufs-utils-7.14.12.tar.gz.HYpqKm/output’ > saved [79619/79619] > > ufs-utils-7.14.12.tar.gz: OK (sha256: > 96cd578722830bc7d8a418d528a3067c0b80ad437f66c3333ebc238fe52436a2) > > Fixes: > https://autobuild.buildroot.org/results/b69/b69472d2eaf27dfcc97c300b96868cab52068ce9 > https://autobuild.buildroot.org/results/429/429a28669d98c6f424f33a211eb0ebb48c6f4553 > https://autobuild.buildroot.org/results/01b/01b90bd7d78a34ae732191b750efc69f195c78ec > https://autobuild.buildroot.org/results/a09/a097e48314be2f522238880e9ab4529cebeff47b > > [1] https://github.com/SanDisk-Open-Source/ufs-utils/pull/70 > Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com> Could you raise a ticket to highlight this issue to in the upstream please? we should make sure upstream maintainers are aware of this situation. Then could you add a reference of this ticket in the commit log? We cannot really afford having several different copies of the same archive name with different contents. We will probably have to remove the "old" version from the Buildroot cache. Could you send an updated version of this patch, please? Best regards, Julien. To unsubscribe from this group and stop receiving emails from it, send an email to linux-amarula+unsubscribe@amarulasolutions.com.
diff --git a/package/ufs-utils/ufs-utils.hash b/package/ufs-utils/ufs-utils.hash index 89053996ab3b..e32275950229 100644 --- a/package/ufs-utils/ufs-utils.hash +++ b/package/ufs-utils/ufs-utils.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 96cd578722830bc7d8a418d528a3067c0b80ad437f66c3333ebc238fe52436a2 ufs-utils-7.14.12.tar.gz +sha256 96d15ce4b0990049d812d24afc2a62240c1a4aa534ea6aebb5aebd34dccb2dac ufs-utils-7.14.12.tar.gz sha256 231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c COPYING
I think the issue is caused by PR [1] being merged without a rebase, which may have triggered an automatic re-generation of the tar.gz archive. Tests show that the tarball stored in Buildroot mirrors has a SHA1 matching the one in the hash file, while the one downloaded from the SanDisk repository has a different SHA1: wget -nd -t 3 --connect-timeout=10 -O '/home/dario/projects/buildroot/output/build/.ufs-utils-7.14.12.tar.gz.68J1WJ/output' 'https://github.com/SanDisk-Open-Source/ufs-utils/archive/v7.14.12/ufs-utils-7.14.12.tar.gz' --2025-08-07 11:07:32-- https://github.com/SanDisk-Open-Source/ufs-utils/archive/v7.14.12/ufs-utils-7.14.12.tar.gz Resolving github.com (github.com)... 140.82.121.4 Connecting to github.com (github.com)|140.82.121.4|:443... connected. HTTP request sent, awaiting response... 302 Found Location: https://codeload.github.com/SanDisk-Open-Source/ufs-utils/tar.gz/refs/tags/v7.14.12 [following] --2025-08-07 11:07:32-- https://codeload.github.com/SanDisk-Open-Source/ufs-utils/tar.gz/refs/tags/v7.14.12 Resolving codeload.github.com (codeload.github.com)... 140.82.121.10 Connecting to codeload.github.com (codeload.github.com)|140.82.121.10|:443... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [application/x-gzip] Saving to: ‘/home/dario/projects/buildroot/output/build/.ufs-utils-7.14.12.tar.gz.68J1WJ/output’ /home/dario/projects/buildroot/output/b [ <=> ] 77.76K --.-KB/s in 0.06s 2025-08-07 11:07:32 (1.32 MB/s) - ‘/home/dario/projects/buildroot/output/build/.ufs-utils-7.14.12.tar.gz.68J1WJ/output’ saved [79623] ERROR: while checking hashes from package/ufs-utils/ufs-utils.hash ERROR: ufs-utils-7.14.12.tar.gz has wrong sha256 hash: ERROR: expected: 96cd578722830bc7d8a418d528a3067c0b80ad437f66c3333ebc238fe52436a2 ERROR: got : 96d15ce4b0990049d812d24afc2a62240c1a4aa534ea6aebb5aebd34dccb2dac ERROR: Incomplete download, or man-in-the-middle (MITM) attack wget -nd -t 3 --connect-timeout=10 -O '/home/dario/projects/buildroot/output/build/.ufs-utils-7.14.12.tar.gz.HYpqKm/output' 'https://sources.buildroot.net/ufs-utils/ufs-utils-7.14.12.tar.gz' --2025-08-07 11:07:32-- https://sources.buildroot.net/ufs-utils/ufs-utils-7.14.12.tar.gz Resolving sources.buildroot.net (sources.buildroot.net)... 2606:4700:20::681a:25, 2606:4700:20::ac43:4838, 2606:4700:20::681a:125, ... Connecting to sources.buildroot.net (sources.buildroot.net)|2606:4700:20::681a:25|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 79619 (78K) [application/x-gtar-compressed] Saving to: ‘/home/dario/projects/buildroot/output/build/.ufs-utils-7.14.12.tar.gz.HYpqKm/output’ /home/dario/projects/buildroot/output/b 100%[===================================================================================>] 77.75K --.-KB/s in 0.02s 2025-08-07 11:07:33 (4.96 MB/s) - ‘/home/dario/projects/buildroot/output/build/.ufs-utils-7.14.12.tar.gz.HYpqKm/output’ saved [79619/79619] ufs-utils-7.14.12.tar.gz: OK (sha256: 96cd578722830bc7d8a418d528a3067c0b80ad437f66c3333ebc238fe52436a2) Fixes: https://autobuild.buildroot.org/results/b69/b69472d2eaf27dfcc97c300b96868cab52068ce9 https://autobuild.buildroot.org/results/429/429a28669d98c6f424f33a211eb0ebb48c6f4553 https://autobuild.buildroot.org/results/01b/01b90bd7d78a34ae732191b750efc69f195c78ec https://autobuild.buildroot.org/results/a09/a097e48314be2f522238880e9ab4529cebeff47b [1] https://github.com/SanDisk-Open-Source/ufs-utils/pull/70 Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com> --- package/ufs-utils/ufs-utils.hash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)