search

dotnet / runtime

.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
https://docs.microsoft.com/dotnet/core/
MIT License
15.47k stars 4.76k forks source link

Checksums for Alpine related artifacts are not readily consumable. #2954

Open MichaelSimons opened 7 years ago

MichaelSimons commented 7 years ago

Steps to reproduce

Write logic to download an Alpine artifact with checksum verification. The checksum in this example was retrieved from https://dotnetclichecksums.blob.core.windows.net/dotnet/Runtime/2.1.0-preview1-25901-02/dotnet-runtime-2.1.0-preview1-25901-02-alpine.3.6-x64.tar.gz.sha512

wget -O dotnet.tar.gz https://dotnetcli.blob.core.windows.net/dotnet/Runtime/2.1.0-preview1-25901-02/dotnet-runtime-2.1.0-preview1-25901-02-alpine.3.6-x64.tar.gz \
    && echo "2C7FF8A63C03354B6C3F563F662E8820108BE7995B2D72DB7D5446AD579977A37DB46BAE7C5DE918B4423A1C37BCFD505DF514248F253BE1ED2D9A84A982AA98  dotnet.tar.gz" | sha512sum -c -

Expected behavior

Checksum verification should pass.

Actual behavior

sha512sum: WARNING: 1 of 1 computed checksums did NOT match

The reason for the failure is that the checksum copied from https://dotnetclichecksums.blob.core.windows.net/dotnet/Runtime/2.1.0-preview1-25901-02/dotnet-runtime-2.1.0-preview1-25901-02-alpine.3.6-x64.tar.gz.sha512 is upper cased. The Alpine sha512sum implementation expects the checksum to be lower cased 2c7ff8a63c03354b6c3f563f662e8820108be7995b2d72db7d5446ad579977a37db46bae7c5de918b4423a1c37bcfd505df514248f253be1ed2d9a84a982aa98.

Environment data

Running on alpine 3.6

cc @janvorli

mohanlalrb commented 6 years ago

I am facing the same issue, but couldn't figure out a solution out of this conversation. Am I missing something here?

MichaelSimons commented 6 years ago

@mohanlalrb - did you try running the provided checksum through a ToLower conversion?

mohanlalrb commented 6 years ago

I upgraded to alpine image 3.7 and the error went away. Will give "ToLower" a try with alpine 3.4 for which I was trying before. Also, I found a msdn link : "https://blogs.msdn.microsoft.com/dotnet/2018/05/30/announcing-net-core-2-1/" which says .NET Core 2.1 is supported from alpine 3.7+. Please correct me if I have mistaken something. Thanks.

dagood commented 4 years ago

(Triage) Note from @MichaelSimons: the checksums blob storage is still uppercase everywhere (based on spot check) and releases.json is lowercase.

This is still valid to fix: it makes sense to have the checksum match the platform's expectations.

MichaelSimons commented 3 years ago

I verified this is still an issue for 6.0. e.g - https://dotnetclichecksums.blob.core.windows.net:443/dotnet/Sdk/6.0.100-alpha.1.20609.2/dotnet-sdk-6.0.100-alpha.1.20609.2-linux-musl-x64.tar.gz.sha