Build problem for Tag v1.28.0. Checksum of quiche-envoy-integration/dd4080fec0b443296c0ed0036e1e776df8813aa7.tar.gz was changed

[svagner]

Description: While trying to build Envoy from v1.28.0 build fails with error:

WARNING: Download from https://storage.googleapis.com/quiche-envoy-integration/dd4080fec0b443296c0ed0036e1e776df8813aa7.tar.gz failed: class com.google.devtools.build.lib.bazel.repository.downloader.UnrecoverableHttpException Checksum was fc694942e8a7491dcc1dde1bddf48a31370a1f46fef862bc17acf07c34dc6325 but wanted 59f14d4fb373083b9dc8d389f16bbb817b5f936d1d436aa67e16eb6936028a51
     Loading: 
     ERROR: An error occurred during the fetch of repository 'com_googlesource_googleurl':
        Traceback (most recent call last):
        File "/root/.cache/bazel/_bazel_root/eab0d61a99b6696edb3d2aff87b585e8/external/bazel_tools/tools/build_defs/repo/http.bzl", line 132, column 45, in _http_archive_impl
            download_info = ctx.download_and_extract(
     Error in download_and_extract: java.io.IOException: Error downloading [https://storage.googleapis.com/quiche-envoy-integration/dd4080fec0b443296c0ed0036e1e776df8813aa7.tar.gz] to /root/.cache/bazel/_bazel_root/eab0d61a99b6696edb3d2aff87b585e8/external/com_googlesource_googleurl/temp13642137462680158237/dd4080fec0b443296c0ed0036e1e776df8813aa7.tar.gz: Checksum was fc694942e8a7491dcc1dde1bddf48a31370a1f46fef862bc17acf07c34dc6325 but wanted 59f14d4fb373083b9dc8d389f16bbb817b5f936d1d436aa67e16eb6936028a51
     Loading: 
     ERROR: /workspace/WORKSPACE:24:19: fetching http_archive rule //external:com_googlesource_googleurl: Traceback (most recent call last):
        File "/root/.cache/bazel/_bazel_root/eab0d61a99b6696edb3d2aff87b585e8/external/bazel_tools/tools/build_defs/repo/http.bzl", line 132, column 45, in _http_archive_impl
            download_info = ctx.download_and_extract(
     Error in download_and_extract: java.io.IOException: Error downloading [https://storage.googleapis.com/quiche-envoy-integration/dd4080fec0b443296c0ed0036e1e776df8813aa7.tar.gz] to /root/.cache/bazel/_bazel_root/eab0d61a99b6696edb3d2aff87b585e8/external/com_googlesource_googleurl/temp13642137462680158237/dd4080fec0b443296c0ed0036e1e776df8813aa7.tar.gz: Checksum was fc694942e8a7491dcc1dde1bddf48a31370a1f46fef862bc17acf07c34dc6325 but wanted 59f14d4fb373083b9dc8d389f16bbb817b5f936d1d436aa67e16eb6936028a51
     Loading: 
     ERROR: @com_googlesource_googleurl//build_config:system_icu :: Error loading option @com_googlesource_googleurl//build_config:system_icu: java.io.IOException: Error downloading [https://storage.googleapis.com/quiche-envoy-integration/dd4080fec0b443296c0ed0036e1e776df8813aa7.tar.gz] to /root/.cache/bazel/_bazel_root/eab0d61a99b6696edb3d2aff87b585e8/external/com_googlesource_googleurl/temp13642137462680158237/dd4080fec0b443296c0ed0036e1e776df8813aa7.tar.gz: Checksum was fc694942e8a7491dcc1dde1bddf48a31370a1f46fef862bc17acf07c34dc6325 but wanted 59f14d4fb373083b9dc8d389f16bbb817b5f936d1d436aa67e16eb6936028a51

Repro steps:

1. Checkout to v1.28.0
2. Run bazel build

Latest commit: b5ca88acee3453c9459474b8f22215796eff4dde

[svagner]

It's the same with all tags though. Branches were fixed because of https://github.com/envoyproxy/envoy/commit/2ed8986f72dcdfabd9e48df67b3b73ac5914d753. But it makes envoy build n other idempotent. I do believe idempotency is the main goal of using Bazel. Do you have any insight why quiche-envoy-integration was changed? Do we have any workaround for it?

[phlax]

hi @svagner this was due to an upstream dependency change that has now been fixed on all branches

the latest commit for the release/v1.28 branch is 2ed8986f72dcdfabd9e48df67b3b73ac5914d753

1.28.0 is a release tag and will never change

there was another dep change last week that was not backported to 1.28 on the basis that it goes EOL in the next couple of days

if you want to raise a PR to backport that fix im happy to land it - mainline fix is here https://github.com/envoyproxy/envoy/commit/06ea5be1a0919908948dfb04a9262e1ba7bf922c

[sfc-gh-abhala]

Hi @phlax , Is there a plan to make a 1.31 release with this change. We are pulling the 1.31.2 and it is failing.

[sokaran]

Hi! Same here, but with v1.28.7, any plan to do release for another 1.28.x with this fix in? in the project we use envoy we cannot afford at this moment uplift to a different minor version and we always prefer use released versions and not specific commits. Thank you!

[phlax]

hi @sokaran unfortunately 1.28 is about to go EOL so we are unlikely to cut another release for that branch

i will be cycling a set of patch releases with these fixes for the other supported branches (1.29-31) either this week or next tho - so you will have the option of updating to a supported release branch - or if you want to stay on 1.28 for some reason then using the latest commit on the release/v1.28 branch

[Winbobob]

Hi @phlax , Is there a plan to make a 1.31 release with this change. We are pulling the 1.31.2 and it is failing.

I think release branch 1.31 has already included these two changes #36515 and #36540. Just 1.31.3 has not been released yet. You may use the lastest commit of release branch 1.31 to build envoy or wait for 1.31.3

[phlax]

all of the branches 1.28-1.31 have the fix

[ningyougang]

@phlax

We are using 1.25.4 envoy version, is it safe to fix this issue with this commit ？ (I am testing on our env)

[phlax]

its probably safe with a couple of caveats

firstly 1.25 has been EOL for some time - so its your responsibility to pick any security patches from later versions that might effect your build, and relatedly we cant guarantee that no others are needed

picking the googleurl hash fix should be safe in itself assuming its the same version (i think it is)