search

NVIDIA / build-system-archive-import-examples

Examples for importing precompiled binary tarball and zip archives into various build and packaging systems
MIT License
10 stars 5 forks source link

cuda_nvcc-linux-x86_64-12.2.91-archive.tar.xz: hash mismatch #8

Closed SomeoneSerge closed 1 year ago

SomeoneSerge commented 1 year ago

Re-posting from https://github.com/NixOS/nixpkgs/pull/240457

❯ wget https://developer.download.nvidia.com/compute/cuda/redist/cuda_nvcc/linux-x86_64/cuda_nvcc-linux-x86_64-12.2.91-archive.tar.xz
❯ sha256sum cuda_nvcc-linux-x86_64-12.2.91-archive.tar.xz
d703af09bea3999b40c8c04095a78ec76ccf02b11094059300a3a9c2bd52ec61  cuda_nvcc-linux-x86_64-12.2.91-archive.tar.xz
❯ cat redistrib_12.2.0.json | jq .cuda_nvcc.'"linux-x86_64"'.sha256
"c899c58d07dbbe337abead01337a2aec72a7fd4600b95838b044335c85199c6b"
kmittman commented 1 year ago

Thank you for filing this @SomeoneSerge !

I've updated our automation to prevent this going forward and have regenerated the JSON manifest https://developer.download.nvidia.com/compute/cuda/redist/redistrib_12.2.0.json

Root cause: most of of the key-values are retrieved from a source of truth. However, a few were getting calculated during the JSON generation notably: sha256, size, and the release_* properties.

Recent changes to support multiple artifact "variants" introduced a regression. Rather than fix that workaround, now properly pull the sha256 and size values from the source of truth.

Verified the SHA256 checksums match now

$ parse_redist.py -XF -p cuda -l 12.2.0