Opened 21 months ago
Closed 20 months ago
#67080 closed defect (fixed)
cmake @3.24.3: checksum mismatch
| Reported by: | papadil | Owned by: | michaelld (Michael Dickens) |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 2.8.1 |
| Keywords: | haspatch | Cc: | ryandesign (Ryan Carsten Schmidt) |
| Port: | cmake |
Description (last modified by ryandesign (Ryan Carsten Schmidt))
Attempting to fetch cmake-3.24.3.tar.bz2 from https://gitlab.kitware.com/cmake/cmake/-/archive/v3.24.3 ---> Verifying checksums for cmake Error: Checksum (rmd160) mismatch for cmake-3.24.3.tar.bz2 Error: Checksum (sha256) mismatch for cmake-3.24.3.tar.bz2 Error: Checksum (size) mismatch for cmake-3.24.3.tar.bz2 Error: Failed to checksum cmake: Unable to verify file checksums
Change History (6)
comment:1 follow-ups: 2 3 Changed 21 months ago by ryandesign (Ryan Carsten Schmidt)
| Description: | modified (diff) |
|---|---|
| Owner: | set to michaelld |
| Status: | new → assigned |
| Summary: | Checksum error in cmake-3.24.3 → cmake @3.24.3: checksum mismatch |
comment:2 Changed 21 months ago by ryandesign (Ryan Carsten Schmidt)
Replying to ryandesign:
Hmm, I can't even get that far:
Ignore that; I was logged into the wrong computer (one running Snow Leopard) so the SSL error was expected.
On Monterey, I do see the checksum mismatch.
comment:3 follow-up: 4 Changed 21 months ago by ryandesign (Ryan Carsten Schmidt)
The difference between the old archive (which we mirrored on our servers) and the new archive (currently being served by kitware) is:
% diff -ru {macports,kitware}/cmake-v3.24.3-c974557598645360fbabac71352b083117e3cc17
diff -ru macports/cmake-v3.24.3-c974557598645360fbabac71352b083117e3cc17/Source/CMakeVersion.cmake kitware/cmake-v3.24.3-c974557598645360fbabac71352b083117e3cc17/Source/CMakeVersion.cmake
--- macports/cmake-v3.24.3-c974557598645360fbabac71352b083117e3cc17/Source/CMakeVersion.cmake 2022-11-01 09:55:49.000000000 -0500
+++ kitware/cmake-v3.24.3-c974557598645360fbabac71352b083117e3cc17/Source/CMakeVersion.cmake 2022-11-01 09:55:49.000000000 -0500
@@ -21,7 +21,7 @@
if(NOT CMake_VERSION_NO_GIT)
# If this source was exported by 'git archive', use its commit info.
- set(git_info [==[c974557598 CMake 3.24.3]==])
+ set(git_info [==[c9745575986 CMake 3.24.3]==])
# Otherwise, try to identify the current development source version.
if(NOT git_info MATCHES "^([0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]?[0-9a-f]?)[0-9a-f]* "
So some kind of stealth update caused by something in gitlab? I feel like I've seen a very similar problem recently in another port. I don't know if gitlab has increased the number of characters used for git short hashes by one globally, or if it only happens if the short hash is no longer unique without increasing its length. Either way, it's more ammunition for the argument that we should not be using automatically-generated tarballs since their checksums can change for a variety of reasons outside of our control.
The simplest solution in this case is probably to update the cmake port to 3.24.4.
comment:4 Changed 21 months ago by ryandesign (Ryan Carsten Schmidt)
Replying to ryandesign:
The simplest solution in this case is probably to update the cmake port to 3.24.4.
And while you're doing that, switch to using a release download so that the contents will not unexpectedly change in the future. The cmake port is currently configured to get an automatically-generated tarball from gitlab, but the download URLs on the cmake web site go to the releases on GitHub. You could use those by switching to the github portgroup and using github.tarball_from releases.
comment:5 Changed 20 months ago by ryandesign (Ryan Carsten Schmidt)
| Cc: | ryandesign added |
|---|---|
| Keywords: | haspatch added |
comment:6 Changed 20 months ago by ryandesign (Ryan Carsten Schmidt)
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Hmm, I can't even get that far: