From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EEF34C46CD3 for ; Tue, 26 Dec 2023 21:18:14 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 980B9409E6; Tue, 26 Dec 2023 21:18:14 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 980B9409E6 X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PavKWU1QL4GM; Tue, 26 Dec 2023 21:18:12 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp2.osuosl.org (Postfix) with ESMTP id 31E7A4098F; Tue, 26 Dec 2023 21:18:11 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 31E7A4098F Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id ACF9E1BF20F for ; Tue, 26 Dec 2023 21:18:09 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 866A760FFF for ; Tue, 26 Dec 2023 21:18:09 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 866A760FFF X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fPtlYXa9JO-S for ; Tue, 26 Dec 2023 21:18:08 +0000 (UTC) Received: from smtp1-g21.free.fr (smtp1-g21.free.fr [IPv6:2a01:e0c:1:1599::10]) by smtp3.osuosl.org (Postfix) with ESMTPS id 5A72360FE8 for ; Tue, 26 Dec 2023 21:18:08 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 5A72360FE8 Received: from ymorin.is-a-geek.org (unknown [IPv6:2a01:cb19:8290:3800:4f89:5708:1633:580e]) (Authenticated sender: yann.morin.1998@free.fr) by smtp1-g21.free.fr (Postfix) with ESMTPSA id 32C17B00539; Tue, 26 Dec 2023 22:18:03 +0100 (CET) Received: by ymorin.is-a-geek.org (sSMTP sendmail emulation); Tue, 26 Dec 2023 22:18:02 +0100 Date: Tue, 26 Dec 2023 22:18:02 +0100 From: "Yann E. MORIN" To: Petr Vorel Message-ID: References: <20231226120251.693371-1-petr.vorel@gmail.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20231226120251.693371-1-petr.vorel@gmail.com> X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=free.fr; s=smtp-20201208; t=1703625486; bh=DxJciUFQn+CgoV+Hpv5ef7hFbC+bUhwkGw5lKz8VaTM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=U9Ed2jw8NAKhZ+hBqBLAUjq3nb3OF5oVqYSlMoplKi4WeyeAD6NZsV+/RqKoVctTi d9Md0pd4GqO3WCWdgw/wMZw8fWiCrBrRyLLY7jMYg0jxcDKnFW8jKpukKtJt6m/y9C /1l9qtAQQw5EZYjcIljOaCBF+SJiXJfWhXU5d9RVDJMFK1+penM6fPd56qTznE+8L5 Dq+f/bdfoVz5eetUCqtmxtuVhf/gt1ah0qUj6rWvsqAJS8ZVa5YEkPsWzkjclfp7hi a0Fjz6CAbihDcQUmfov6S5GyQn633zoHdMV1NC9g83QKj0UXU36guzfnN2EZxIAMlY Dgiy2etOssdJA== X-Mailman-Original-Authentication-Results: smtp3.osuosl.org; dkim=pass (2048-bit key) header.d=free.fr header.i=@free.fr header.a=rsa-sha256 header.s=smtp-20201208 header.b=U9Ed2jw8 Subject: Re: [Buildroot] [PATCH 1/1] package/iputils: fix IPUTILS_SITE URL X-BeenThere: buildroot@buildroot.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Thomas Petazzoni , buildroot@buildroot.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" Petr, All, On 2023-12-26 13:02 +0100, Petr Vorel spake thusly: > Upstream in release 20231222 shipped self generated iputils-20231222.tar.gz, > which is signed and thus has different checksum than "Source code (tar.gz)" > generated by github. Therefore different URL needs to be used to get > correct checksum. > > Fixes: > > http://autobuild.buildroot.net/results/e9b39e142d5f56bf589253a10ed4722dbbda375c > > Fixes: 32da4422f9 ("package/iputils: bump version to 20231222") > Signed-off-by: Petr Vorel Applied to master, thanks. > --- > Hi all, > > I'm sorry for this error. Although I tested package with utils/test-pkg > I probably had cached package in dl/iputils, that's why I haven't > noticed failing checksum [1]: Ah, I also got bitten a few times now and then. No worries, thank you for fixing it up promptly! Regards, Yann E. MORIN. > >>> iputils 20231222 Downloading > wget --passive-ftp -nd -t 3 -O '/home/buildroot/autobuild/instance-1/output-1/build/.iputils-20231222.tar.gz.nEeIiH/output' 'https://github.com/iputils/iputils/archive/20231222/iputils-20231222.tar.gz' > --2023-12-25 14:18:12-- https://github.com/iputils/iputils/archive/20231222/iputils-20231222.tar.gz > Resolving github.com (github.com)... 192.30.255.113 > Connecting to github.com (github.com)|192.30.255.113|:443... connected. > HTTP request sent, awaiting response... 302 Found > Location: https://codeload.github.com/iputils/iputils/tar.gz/refs/tags/20231222 [following] > --2023-12-25 14:18:13-- https://codeload.github.com/iputils/iputils/tar.gz/refs/tags/20231222 > Resolving codeload.github.com (codeload.github.com)... 192.30.255.121 > Connecting to codeload.github.com (codeload.github.com)|192.30.255.121|:443... connected. > HTTP request sent, awaiting response... 200 OK > Length: unspecified [application/x-gzip] > Saving to: '/home/buildroot/autobuild/instance-1/output-1/build/.iputils-20231222.tar.gz.nEeIiH/output' > ... > 2023-12-25 14:18:13 (13.4 MB/s) - '/home/buildroot/autobuild/instance-1/output-1/build/.iputils-20231222.tar.gz.nEeIiH/output' saved [546838] > > ERROR: while checking hashes from package/iputils//iputils.hash > ERROR: iputils-20231222.tar.gz has wrong sha256 hash: > ERROR: expected: e3ce5e1a1f795c2d520985463b90e20f9388b7060796d54ad64509aa8e4af775 > ERROR: got : 18d51e7b416da0ecbc0ae18a2cba76407ca0b5b3f32c356034f258a0cb56793f > ERROR: Incomplete download, or man-in-the-middle (MITM) attack > wget --passive-ftp -nd -t 3 -O '/home/buildroot/autobuild/instance-1/output-1/build/.iputils-20231222.tar.gz.1wDgdq/output' 'https://sources.buildroot.net/iputils/iputils-20231222.tar.gz' > > Package which buildroot uses via $(call github ...) is from archive: > > $ wget --passive-ftp -nd -t 3 -O /tmp/iputils-20231222.tar.gz https://github.com/iputils/iputils/archive/20231222/iputils-20231222.tar.gz > $ sha256sum /tmp/iputils-20231222.tar.gz > 18d51e7b416da0ecbc0ae18a2cba76407ca0b5b3f32c356034f258a0cb56793f /tmp/iputils-20231222.tar.gz > > But file which can be downloaded from releases page [2] is different: > > $ wget --passive-ftp -nd -t 3 -O iputils-20231222.tar.gz https://github.com/iputils/iputils/releases/download/20231222/iputils-20231222.tar.gz > $ sha256sum iputils-20231222.tar.gz > e3ce5e1a1f795c2d520985463b90e20f9388b7060796d54ad64509aa8e4af775 iputils-20231222.tar.gz > > Previously we used file generated by iputils, which has the same checksum as > these from archive: > $ wget -c https://github.com/iputils/iputils/archive/refs/tags/20231222.tar.gz > $ sha256sum 20231222.tar.gz > 18d51e7b416da0ecbc0ae18a2cba76407ca0b5b3f32c356034f258a0cb56793f 20231222.tar.gz > > In the package I used the checksum which is generated with uploaded > files and uploaded with them [3]. > > I compared the content of 20231222.tar.gz and iputils-20231222.tar.gz, the > content is the same. But the size differs: > > $ stat -c "%s %n" 20231222.tar.gz /tmp/iputils-20231222.tar.gz iputils-20231222.tar.gz > 546838 20231222.tar.gz > 546838 /tmp/iputils-20231222.tar.gz > 548875 iputils-20231222.tar.gz > > I suppose the difference is that I signed files in the release [2], but > files in archive are generated by github, thus obviously not signed. > I suppose this is obvious, but until now I haven't realized it. > > Kind regards, > Petr > > [1] http://autobuild.buildroot.net/results/e9b39e142d5f56bf589253a10ed4722dbbda375c/build-end.log > [2] https://github.com/iputils/iputils/releases/tag/20231222 > [3] https://github.com/iputils/iputils/releases/download/20231222/sha256sums.asc > > package/iputils/iputils.mk | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk > index a8f93488bb..bcf440ec93 100644 > --- a/package/iputils/iputils.mk > +++ b/package/iputils/iputils.mk > @@ -5,7 +5,7 @@ > ################################################################################ > > IPUTILS_VERSION = 20231222 > -IPUTILS_SITE = $(call github,iputils,iputils,$(IPUTILS_VERSION)) > +IPUTILS_SITE = https://github.com/iputils/iputils/releases/download/$(IPUTILS_VERSION) > IPUTILS_LICENSE = GPL-2.0+, BSD-3-Clause > IPUTILS_LICENSE_FILES = LICENSE Documentation/LICENSE.BSD3 Documentation/LICENSE.GPL2 > IPUTILS_CPE_ID_VENDOR = iputils_project > -- > 2.43.0 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot -- .-----------------.--------------------.------------------.--------------------. | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | '------------------------------^-------^------------------^--------------------' _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot