checksum did NOT match in aws/codebuild/standard 5.0 6.0 or 7.0

[cferrer101]

Describe the bug

stunnel-5.69.tar.gz: sha256 check sum failed with dockerfiles for ubuntu standard 5.0 6.0 7.0

step:

Install stunnel

RUN set -ex \ && STUNNEL_VERSION=5.69 \ && STUNNEL_TAR=stunnel-$STUNNEL_VERSION.tar.gz \ && STUNNEL_SHA256="1ff7d9f30884c75b98c8a0a4e1534fa79adcada2322635e6787337b4e38fdb81" \ && curl -o $STUNNEL_TAR https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/$STUNNEL_TAR && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum --check && tar xfz $STUNNEL_TAR \ && cd stunnel-$STUNNEL_VERSION \ && ./configure \ && make -j4 \ && make install \ && openssl genrsa -out key.pem 2048 \ && openssl req -new -x509 -key key.pem -out cert.pem -days 1095 -subj "/C=US/ST=Washington/L=Seattle/O=Amazon/OU=Codebuild/CN=codebuild.amazon.com" \ && cat key.pem cert.pem >> /usr/local/etc/stunnel/stunnel.pem \ && cd .. && rm -rf stunnel-${STUNNEL_VERSION}*

I get this error:

-- 995 | + echo 1ff7d9f30884c75b98c8a0a4e1534fa79adcada2322635e6787337b4e38fdb81 stunnel-5.69.tar.gz 996 | + sha256sum --check 997 | sha256sum: WARNING: 1 computed checksum did NOT match 998 | stunnel-5.69.tar.gz: FAILED 999 | The command '/bin/sh -c set -ex && STUNNEL_VERSION=5.69 && STUNNEL_TAR=stunnel-$STUNNEL_VERSION.tar.gz && STUNNEL_SHA256="1ff7d9f30884c75b98c8a0a4e1534fa79adcada2322635e6787337b4e38fdb81" && curl -o $STUNNEL_TAR https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/$STUNNEL_TAR && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum --check && tar xfz $STUNNEL_TAR && cd stunnel-$STUNNEL_VERSION && ./configure && make -j4 && make install && openssl genrsa -out key.pem 2048 && openssl req -new -x509 -key key.pem -out cert.pem -days 1095 -subj "/C=US/ST=Washington/L=Seattle/O=Amazon/OU=Codebuild/CN=codebuild.amazon.com" && cat key.pem cert.pem >> /usr/local/etc/stunnel/stunnel.pem && cd .. && rm -rf stunnel-${STUNNEL_VERSION}*' returned a non-zero code: 1 1000 |   1001 | [Container] 2023/05/24 17:57:55 Command did not exit successfully docker build -t aws/codebuild/standard:6.0 . exit status 1 1002 | [Container] 2023/05/24 17:57:55 Phase complete: BUILD State: FAILED_WITH_ABORT 1003 | [Container] 2023/05/24 17:57:55 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: docker build -t aws/codebuild/standard:6.0 .. Reason: exit status 1

[pmoghaddam]

https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/stunnel-5.69.tar.gz The mirror is unavailable.

You can unblock yourself temporarily by using https://www.stunnel.org/downloads/stunnel-5.69.tar.gz instead.

[joaonetto]

Change the dockerfile from:

&& curl -o $STUNNEL_TAR https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/$STUNNEL_TAR && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum --check && tar xfz $STUNNEL_TAR \

to

&& curl -o $STUNNEL_TAR https://www.stunnel.org/downloads/stunnel-${STUNNEL_VERSION}.tar.gz && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum --check && tar xfz $STUNNEL_TAR \

[dgraeber]

Is there an anticipated timeline to address this issue...we are blocked.

[subinataws]

@dgraeber - We will get the mirror updated, but just wanted to make sure that you are aware that these pre-built Docker images from https://gallery.ecr.aws/codebuild/amazonlinux2-x86_64-standard.

[ghost]

@dgraeber - We will get the mirror updated, but just wanted to make sure that you are aware that these pre-built Docker images from https://gallery.ecr.aws/codebuild/amazonlinux2-x86_64-standard.

Not for aws/codebuild/standard. Can't seem to find anywhere to pull these.

[subinataws]

@charrington-strib - correct, we can only host and distribute docker images that are based on Amazon Linux. The image you mentioned is based on Ubuntu, which we cannot redistribute unfortunately due to licensing terms.

[ghost]

Okay; funny then that the public ECR repo isn't subject to the same licensing issue? https://gallery.ecr.aws/docker/library/ubuntu

Anyway; it would be ideal if there were some way to reproducibly build or pull the Ubuntu images so we can add a layer on top and benefit from CodeBuild caching. Rebuilding from scratch with a different Dockerfile will always produce a different hash and defeat the purpose.

[dgraeber]

@subinataws Thanks for getting on this! Yep, I am aware of the publicly available images, but as indicated above they are not the Ubuntu-based images. We have corrected our code to use the AL-based images provided, but we still have legacy code that needs the Ubuntu-based images...which we build (causing our blocked situation).

[subinataws]

This should be fixed now. Let us know if you face any more issues with building the docker image locally.