hyperledger / besu

An enterprise-grade Java-based, Apache 2.0 licensed Ethereum client https://wiki.hyperledger.org/display/besu
https://www.hyperledger.org/projects/besu

Wrong checksum published for besu-24.1.1.tar.gz #6469

Closed hegjon closed 5 months ago

hegjon commented 5 months ago

The release notes list the following: https://hyperledger.jfrog.io/artifactory/besu-binaries/besu/24.1.1/besu-24.1.1.tar.gz / sha256 cfcae04c30769bf338b0740ac65870f9346d3469931bb46cdba3b2f65d311e7a

I have tested on two different machines and both return:

$ sha256sum besu-24.1.1.tar.gz
4b0ddd5a25be2df5d2324bff935785eb63e4e3a5f421614ea690bacb5b9cb344  besu-24.1.1.tar.gz

The file is not corrupted:

$ tar tzf besu-24.1.1.tar.gz|head
besu-24.1.1/
besu-24.1.1/lib/
besu-24.1.1/lib/besu-evmtool-24.1.1.jar
besu-24.1.1/lib/besu-24.1.1.jar
besu-24.1.1/lib/besu-ethereum-ethstats-24.1.1.jar
besu-24.1.1/lib/besu-clique-24.1.1.jar
besu-24.1.1/lib/besu-ibft-24.1.1.jar
besu-24.1.1/lib/besu-qbft-24.1.1.jar
besu-24.1.1/lib/besu-consensus-common-24.1.1.jar
besu-24.1.1/lib/besu-retesteth-24.1.1.jar

hegjon commented 5 months ago

In case someone wants to investigate whether a file has been tampered with:

$ find -type f | xargs sha256sum

garyschulte commented 5 months ago

We are investigating. The SHAs published at release time were:

➜  ~ ls -la besu-24.1.1*
-rw-r--r--@ 1 garyschulte  staff  166865873 Jan 25 17:41 besu-24.1.1.tar.gz
-rw-r--r--@ 1 garyschulte  staff  166927231 Jan 25 17:41 besu-24.1.1.zip
➜  ~ shasum -a 256 besu-24.1.1.tar.gz
cfcae04c30769bf338b0740ac65870f9346d3469931bb46cdba3b2f65d311e7a  besu-24.1.1.tar.gz
➜  ~ shasum -a 256 besu-24.1.1.zip
b6b64f939e0bb4937ce90fc647e0a7073ce3e359c10352b502059955070a60c6  besu-24.1.1.zip
➜  ~ stat besu-24.1.1*
16777233 20668800 -rw-r--r-- 1 garyschulte staff 0 166865873 "Jan 25 17:41:34 2024" "Jan 25 17:41:34 2024" "Jan 25 17:41:34 2024" "Jan 25 17:41:16 2024" 4096 328432 0 besu-24.1.1.tar.gz
16777233 20668706 -rw-r--r-- 1 garyschulte staff 0 166927231 "Jan 26 07:39:24 2024" "Jan 25 17:41:20 2024" "Jan 25 17:41:20 2024" "Jan 25 17:41:06 2024" 4096 326032 0 besu-24.1.1.zip

garyschulte commented 5 months ago

Full disclosure: During the release the initial job to build the release (task 26711) failed due to a timeout of one of the tasks. I retried the process from the failed job, presuming it was a transient failure. On closer look I noticed the reference tests job timeout had caused the issue.

A second CI job (26713) started on publish of a CI change that relaxed that same timeout.

The initial retry job completed and published the release artifacts with the SHAs in the release notes. Subsequently, though, the second CI job completed and re-published the release artifacts, with contents that differed only by the timestamps embedded in the archives.

TL;DR: this was a CI race and not a supply chain attack. Thanks for your diligence, and I will update the release notes with the updated SHAs and a note about the SHA errata.
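
Added example, not part of the thread and not Besu project code: the last comment says the two published builds differed only by timestamps embedded in the archives, and a claim of that kind can be checked by comparing per-member content digests instead of the container hash. The Python below does this on constructed in-memory archives; the member names, file contents, build times and all function names are assumptions made for illustration.

```python
import gzip
import hashlib
import io
import tarfile


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_sample_archive(files, mtime):
    """Constructed sample input: a .tar.gz whose tar and gzip timestamps are `mtime`."""
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w") as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = mtime
            info.mode = 0o644
            tar.addfile(info, io.BytesIO(files[name]))
    out = io.BytesIO()
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=mtime) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()


def member_manifest(archive):
    """Map member name -> (identity, mtime); identity ignores timestamps and owner."""
    manifest = {}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for member in tar:
            if member.name in manifest:
                # A repeated name lets a later entry overwrite an earlier one on extraction.
                raise ValueError("duplicate member: " + member.name)
            digest = None
            if member.isfile():
                digest = sha256_hex(tar.extractfile(member).read())
            identity = (member.type, member.mode, member.size, member.linkname, digest)
            manifest[member.name] = (identity, member.mtime)
    return manifest


def compare_archives(a, b):
    """Report which members differ in content and which differ only in mtime."""
    ma, mb = member_manifest(a), member_manifest(b)
    common = ma.keys() & mb.keys()
    report = {
        "archive_sha256": (sha256_hex(a), sha256_hex(b)),
        "only_in_a": sorted(ma.keys() - mb.keys()),
        "only_in_b": sorted(mb.keys() - ma.keys()),
        "content_changed": sorted(n for n in common if ma[n][0] != mb[n][0]),
        "mtime_changed": sorted(n for n in common if ma[n][1] != mb[n][1]),
    }
    if a == b:
        report["verdict"] = "identical"
    elif report["only_in_a"] or report["only_in_b"] or report["content_changed"]:
        report["verdict"] = "content-differs"
    else:
        # Same members, same bytes: only timestamps, owner fields or compression differ.
        report["verdict"] = "metadata-only"
    return report


# Constructed inputs: placeholder member names, contents and build times.
FILES = {
    "example-1.0/bin/example": b"#!/bin/sh\nexec java -jar ../lib/example-1.0.jar\n",
    "example-1.0/lib/example-1.0.jar": b"constructed jar bytes",
}
FIRST_BUILD = build_sample_archive(FILES, mtime=1700000000)
REBUILD = build_sample_archive(FILES, mtime=1700003600)
ALTERED = build_sample_archive(
    {**FILES, "example-1.0/bin/example": b"#!/bin/sh\necho altered\n"}, mtime=1700003600
)

if __name__ == "__main__":
    for label, other in (("rebuild", REBUILD), ("altered", ALTERED)):
        r = compare_archives(FIRST_BUILD, other)
        print(label, r["verdict"], r["content_changed"], r["mtime_changed"])
```

Members are hashed in memory, so nothing from either archive is extracted to disk. A "metadata-only" verdict shows that two archives carry the same member bytes; it does not show that either one matches what the build was meant to produce.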