Opened 4 months ago
Closed 3 months ago
#70495 closed defect (fixed)
pass @1.7.4: checksum mismatch
| Reported by: | barracuda156 | Owned by: | judaew (Vadym-Valdis Yudaiev) |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 2.9.3 |
| Keywords: | Cc: | ||
| Port: | pass |
Description
---> password-store-1.7.4.tar.xz does not exist in /opt/local/var/macports/distfiles/pass
---> Attempting to fetch password-store-1.7.4.tar.xz from https://git.zx2c4.com/password-store/snapshot/
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 65280 0 65280 0 0 51467 0 --:--:-- 0:00:01 --:--:-- 51482
---> Verifying checksums for pass
---> Checksumming password-store-1.7.4.tar.xz
Error: Checksum (rmd160) mismatch for password-store-1.7.4.tar.xz
Portfile checksum: password-store-1.7.4.tar.xz rmd160 c1ac8d01ba88fad13cb5c7a6dcb2b7f3f58bb36c
Distfile checksum: password-store-1.7.4.tar.xz rmd160 6b994e9165621d557d070701923a19ab20acf540
Error: Checksum (sha256) mismatch for password-store-1.7.4.tar.xz
Portfile checksum: password-store-1.7.4.tar.xz sha256 cfa9faf659f2ed6b38e7a7c3fb43e177d00edbacc6265e6e32215ff40e3793c0
Distfile checksum: password-store-1.7.4.tar.xz sha256 4c2d0a8b99df8915a87099607a8d912fd05d30651b6f014745c14e4ca8dbbfb7
Error: Checksum (size) mismatch for password-store-1.7.4.tar.xz
Portfile checksum: password-store-1.7.4.tar.xz size 65272
Distfile checksum: password-store-1.7.4.tar.xz size 65280
The correct checksum line may be:
checksums rmd160 6b994e9165621d557d070701923a19ab20acf540 \
sha256 4c2d0a8b99df8915a87099607a8d912fd05d30651b6f014745c14e4ca8dbbfb7 \
size 65280
Error: Failed to checksum pass: Unable to verify file checksums
Change History (2)
comment:1 Changed 4 months ago by ryandesign (Ryan Carsten Schmidt)
| Summary: | pass: checksum mismatch → pass @1.7.4: checksum mismatch |
|---|
comment:2 Changed 3 months ago by ryandesign (Ryan Carsten Schmidt)
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note: See
TracTickets for help on using
tickets.
Yes, a stealth update has occurred. Unfortunately the project's official download link is a tarball automatically generated from their repository, and the way that that tarball gets generated appears to have changed since we mirrored the file in 2021. The files in the tarball are identical, as is the tarball itself, but the surrounding gzip compression has changed. This could be the same problem that bit GitHub, CodeBerg, and everybody else when they upgraded to git 2.38 without understanding the impact of the fact that it changed the default compression method from an external gzip command to an internal implementation.
Since there is no benefit to us to switching to the new distfile, the port should avoid the stealth update until the next version is released by setting
master_sites macports_distfiles.The developers of pass should be notified that this has happened, and encouraged to switch to separately-archived distfiles that are guaranteed never to change. If they like, they can simply download a snapshot from their repository server or one created locally using
git archiveand then upload that to some permanent storage.