elasticdog / transcrypt

transparently encrypt files within a git repository
MIT License

FIXED: 🚨 Wrong SHA Hash in Homebrew Formula #103

Closed stherold closed 3 years ago

stherold commented 3 years ago

Our dependency installation aborts now constantly because you have a mismatch in your SHA2 between

Since we cannot install an old version of Transcrypt via Homebrew this is quite critical for us.

christophemenager commented 3 years ago

I have the exact same issue. This is quite critical for us too...

jmurty commented 3 years ago

Shoot! That's my fault, I moved the v2.1.0 tag to a later commit to include changes related to the 2.1.0 release but didn't think through the implications.

I have moved the tag back which should fix the problem, I'll test myself now.

stherold commented 3 years ago

The problem is that the Homebrew formula has to be renewed since it still has the wrong SHA. A nice way to check the SHA256 checksum is:

curl -sL https://github.com/elasticdog/transcrypt/archive/v2.1.0.tar.gz | sha256sum

jmurty commented 3 years ago

I have fixed the v2.1.0 tag but the tag-based tarball downloads from https://github.com/elasticdog/transcrypt/archive/v2.1.0.tar.gz (via https://codeload.github.com/elasticdog/transcrypt/tar.gz/v2.1.0) still hash to the incorrect 02193c43... SHA2 value.

I think this is because the tarball downloads are cached and not regenerated immediately, but that doesn't help much since I don't know when the corrected tag version will become.

stherold commented 3 years ago

What about a Hotfix release?

jmurty commented 3 years ago

I was holding off on a hotfix tag and PR update to the brew formula in the hope the tarball archive would update before too long, and I think it now has.

The tarball download of v2.1.0 is now updated and fixed for me:

curl -sL https://github.com/elasticdog/transcrypt/archive/v2.1.0.tar.gz | shasum -a 256
0075a25f7fb48ddfcfb33dd834a5f12fe0644ed4fb5ab0a5f2f7dca06e9ed48c

A fresh install with brew install transcrypt also worked for me, but I had to clear the Homebrew cache first with brew cleanup --prune 0 transcrypt

Can anyone else confirm the fix?

jmurty commented 3 years ago

I believe this is now fixed. However, on systems that downloaded the faulty v2.1.0.tar.gz file the Homebrew download cache may need to be cleared before the fixed version will be re-downloaded.

Clear (prune) the Homebrew download cache of transcrypt files with:

brew cleanup --prune 0 transcrypt

You can tell you need to clear the download cache if you see "Already downloaded" before the "SHA256 mismatch" error message. This is what it looks like if your system has cached the faulty download:

$ brew install transcrypt
==> Downloading https://github.com/elasticdog/transcrypt/archive/v2.1.0.tar.gz
Already downloaded: /Users/username/Library/Caches/Homebrew/downloads/8770dfdc30308b964be8dc82a6b72dceb7585a60d1e90e8ad34d3b054883a6fa--transcrypt-2.1.0.tar.gz
Error: SHA256 mismatch

Sorry to @stherold, @christophemenager and anyone else affected by this issue. Moving that tag was a dumb thing for me to do.
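
Added example, not part of the original thread or the transcrypt project: a shell check that compares the sha256 pinned in a formula file with the hash of an archive on disk, which is the comparison behind the "SHA256 mismatch" error shown above. The file names, URL and archive contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare a formula's pinned sha256
# with the hash of an archive on disk. All sample data is constructed.

sha256_of() {  # print the SHA-256 of file $1 with whichever tool exists
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

formula_sha256() {  # first source pin of the form: sha256 "<64 hex>"
    sed -n 's/^[[:space:]]*sha256[[:space:]]*"\([0-9a-f]\{64\}\)".*/\1/p' "$1" |
        head -n 1
}

check_pin() {  # $1=formula $2=archive; 0 match, 1 mismatch, 2 no pin
    want=$(formula_sha256 "$1")
    [ -n "$want" ] || { echo "no sha256 pin in $1" >&2; return 2; }
    got=$(sha256_of "$2")
    [ "$want" = "$got" ] && { echo "OK $got"; return 0; }
    echo "MISMATCH expected=$want actual=$got" >&2
    return 1
}

demo() {  # constructed scenario: archive bytes change after the pin is set
    dir=$(mktemp -d) || return 1
    printf 'archive built from original tag\n' > "$dir/pkg.tar.gz"
    printf '  url "https://example.invalid/pkg.tar.gz"\n  sha256 "%s"\n' \
        "$(sha256_of "$dir/pkg.tar.gz")" > "$dir/pkg.rb"
    if check_pin "$dir/pkg.rb" "$dir/pkg.tar.gz"; then first=match; else first=mismatch; fi
    printf 'archive regenerated from moved tag\n' > "$dir/pkg.tar.gz"
    if check_pin "$dir/pkg.rb" "$dir/pkg.tar.gz" 2>/dev/null; then second=match; else second=mismatch; fi
    rm -rf "$dir"
    echo "$first $second"
}

demo
```

Running check_pin against a file in the Homebrew download cache tells a stale cached archive apart from a formula whose pin is out of date.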

stherold commented 3 years ago

For me the local reinstall works and Bitrise CI (which installs the version fresh every time) is also working. Thanks for the quick fix 👍

Issue can be closed from my side.

christophemenager commented 3 years ago

Problem is fixed for me too! Thanks @jmurty for your reactivity :)

elasticdog commented 3 years ago

Looks like I should re-sign the commit with the v2.1.0 tag since it no longer shows up as "verified"? I haven't done that before, but I'll poke at it.

elasticdog commented 3 years ago

Okay, I just force-pushed the signed tag so it is now verified. I've checked that the archive's sha256sum matches above, and the release page looks as expected.

@jmurty can you re-verify on your end before closing this out?

stherold commented 3 years ago

For me the SHA is still matching the one in https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/transcrypt.rb

jmurty commented 3 years ago

Thanks @elasticdog! I have confirmed that the SHA256 matches on direct download and a Homebrew reinstall also works.

I will leave this issue open for a few days so it's easier to find in case anyone is stuck after downloading the faulty archive. I will add a "FIXED" prefix to the title in the meantime to show it has been fixed.

jmurty commented 3 years ago

It's been a while since I broke Homebrew installations, so it should be okay to close this issue now.