Closed offa closed 1 year ago
I'm also seeing this for some other packages: libpqxx/7.7.4
, fmt/8.1.1
, protobuf/3.21.4
libpqxx/7.7.4: Configuring sources in /root/.conan/data/libpqxx/7.7.4/_/_/source/src
ERROR: libpqxx/7.7.4: Error in source() method, line 99
get(self, **self.conan_data["sources"][self.version], destination=self.source_folder, strip_root=True)
ConanException: sha256 signature failed for '7.7.4.tar.gz' file.
Provided signature: 65b0a06fffd565a19edacedada1dcfa0c1ecd782cead0ee067b19e2464875c36
Computed signature: 17cb5d8e35018698b0cf162400546e1038aa09be4e444d59869307b7f4070e24
fmt/8.1.1: Configuring sources in /root/.conan/data/fmt/8.1.1/_/_/source/src
ERROR: fmt/8.1.1: Error in source() method, line 96
get(self, **self.conan_data["sources"][self.version],
ConanException: sha256 signature failed for '8.1.1.tar.gz' file.
Provided signature: 3d794d3cf67633b34b2771eb9f073bde87e846e0d395d254df7b211ef1ec7346
Computed signature: 48104b18e6779d4f04dea35a0a3845b102a04bab3cd111a98275b7a89e05e567
protobuf/3.21.4: Configuring sources in /root/.conan/data/protobuf/3.21.4/_/_/source/src
ERROR: protobuf/3.21.4: Error in source() method, line 86
get(self, **self.conan_data["sources"][self.version], strip_root=True)
ConanException: sha256 signature failed for 'v3.21.4.tar.gz' file.
Provided signature: 85d42d4485f36f8cec3e475a3b9e841d7d78523cd775de3a86dba77081f4ca25
Computed signature: efdaaf08f34af3b6cd906e59e181e3e30589a2fc2cc9d89036f92d529b9fe1cd
Yes, all auto generated tarball from github seem to be affected.
Thanks for reporting, I am pinning this issue since it's kinda beyond our control 😱
@prince-chrismc Is the response going to be to update all of the affect SHA in Conan or do we know that yet?
Do you know if the issue is just with .tar.gz
files?
What about .zip
files?
Is it a Github issue?
It looks like a generalized issue on GitHub https://github.com/orgs/community/discussions/45830
RIP
I hope they roll this back or every packaging system will be broken
https://github.com/orgs/community/discussions/45830#discussioncomment-4823531
Hey,
I'm one of the engineers in the Git Systems org at GitHub. I think there's been a misinterpretation of what we guarantee as far as stability.
If you generate a release for a particular tag, and you upload your own assets, such as a tarball or binaries, we'll guarantee those don't change. However, the automated "Source code (tar.gz)" and "Source code (zip)" links, as well as any automated archives we generate, aren't guaranteed to be stable. That's because Git doesn't guarantee stability here and we rely on Git to generate those archives on the fly, so as we upgrade, things may change.
If you need a stable source code archive, please generate a release and upload your own archive as part of this process, and then you can reference those with stable hashes.
To give you an example as to what's stable and what's not, if you look at the latest Git LFS release at https://github.com/git-lfs/git-lfs/releases/tag/v3.3.0, all of the Assets entries except the two "Source code" links at the bottom are guaranteed to be stable (since those two are autogenerated). You'll notice we ship our own stable tarball and signed hashes as part of the assets, and that works.
I apologize for the confusion here, and hopefully this clarifies things.
ouch..
Is this an opportunity to mirror everything? :-D
This is why conan-center must always try to dowwload stable archives instead of autogenerated github tarball, but lot of projects don't generate source code tarball of their releases... Yet, my understanding is that current issue only changed checksum of autogenerated .tar.gz, .tar.zip should not be affected (anybody can confirm?).
What about projects that don't even do releases?
No hope for these projects.
The amount of backslash on github is huge. The broke a lot of things with this. Hopefully they roll it back. This comment gets me lol https://github.com/bazel-contrib/SIG-rules-authors/issues/11#issuecomment-1409404725
Looks like the rollback is finished, I'm seeing my packages build again.
Indeed, it works again.
Description
Installation of Catch2 v3.3.0 fails due to hash mismatches since today:
Package and Environment Details
Docker image: N/AConan profile
Default Linux (GCC / Clang), Windows (MSVC) and Mac OS (Clang)
Steps to reproduce
Logs
Click to expand log
``` catch2/3.3.0: Configuring sources in /github/home/.conan/data/catch2/3.3.0/_/_/source/src ERROR: catch2/3.3.0: Error in source() method, line 92 get(self, **self.conan_data["sources"][self.version], destination=self.source_folder, strip_root=True) ConanException: sha256 signature failed for 'v3.3.0.tar.gz' file. Provided signature: fe2f29a54ca775c2dd04bb97ffb79d398e6210e3caa174348b5cd3b7e4ca887d Computed signature: 48f06c98e685ac809db092364a7ef5604ed51f3e9edacca1b4beb84cdd147038 ```