Incorrect checksum for v2.6.0

[KMahoney]

I'm not very familiar with Java packaging so forgive me if this is the wrong place to report this, but I have been experiencing failing builds because the checksum for 2.6.0 on jitpack.io seems to be incorrect.

This might not affect many of your users because Maven doesn't check checksums, but Coursier does.

  Error while fetching artifact with coursier: Error fetching artifacts:
https://jitpack.io/com/github/kenglxn/QRGen/core/2.6.0/core-2.6.0.jar: wrong checksum: v1/https/jitpack.io/com/github/kenglxn/QRGen/core/2.6.0/core-2.6.0.jar (expected SHA-1 766e1d60e69b8764f5d6879540e93eb3fb537205 in v1/https/jitpack.io/com/github/kenglxn/QRGen/core/2.6.0/core-2.6.0.jar.sha1, got c7d01630bfb5450ca17ceb897846dc2fa36ca198)
https://jitpack.io/com/github/kenglxn/QRGen/android/2.6.0/android-2.6.0-sources.jar: wrong checksum: v1/https/jitpack.io/com/github/kenglxn/QRGen/android/2.6.0/android-2.6.0-sources.jar (expected SHA-1 2c2b82a70eaf56713a41efabe7437b05e3072608 in v1/https/jitpack.io/com/github/kenglxn/QRGen/android/2.6.0/android-2.6.0-sources.jar.sha1, got 55a40e057a19d70e67183e235d19e9570f09e3dd)

[ligi]

just experienced the same - wondering if this is a @jitpack-io problem. But the first time I experienced something like this - and a bit careful as the app where I enabled checksum checking is a bit sensitive.

more insight:

both files have the exact same size:

ligi@ligi-p1:~/tmp/checksum-problem$ sha512sum *
301c029ac0c6cc0c3468b3920778b6825b9fb6a397b48126f42e607e2ed41622d302b6266f3a0e107af58a035962b6cc6d45a08becf43b2dc4e30373923129ad  core-2.6.0.jar
a38318e396263b6f989d0787a65906ca450d9a32e22c54076c364f82e4e48d1ba9f5b7dcb02ae732b2650ec18f2e2cd8ad35679d2673ae43687d6e9b4a3105ed  core-2.6.0.jar2
ligi@ligi-p1:~/tmp/checksum-problem$ ls -l
total 88
-rw-rw-r-- 1 ligi ligi 42754 Mär  1 03:01 core-2.6.0.jar
-rw-rw-r-- 1 ligi ligi 42754 Mär  1 03:01 core-2.6.0.jar2

It seems the version was rebuild in 2021:

ligi@ligi-p1:~/tmp/checksum-problem$ unzip -l core-2.6.0.jar2
Archive:  core-2.6.0.jar2
  Length      Date    Time    Name
---------  ---------- -----   ----
        0  2019-07-18 09:47   META-INF/
      133  2019-07-18 09:47   META-INF/MANIFEST.MF
        0  2019-07-18 09:47   net/
        0  2019-07-18 09:47   net/glxn/
        0  2019-07-18 09:47   net/glxn/qrgen/
        0  2019-07-18 09:47   net/glxn/qrgen/core/
        0  2019-07-18 09:47   net/glxn/qrgen/core/image/
        0  2019-07-18 09:47   net/glxn/qrgen/core/scheme/
        0  2019-07-18 09:47   net/glxn/qrgen/core/exception/
     1111  2019-07-18 09:47   net/glxn/qrgen/core/image/ImageType.class
     4777  2019-07-18 09:47   net/glxn/qrgen/core/scheme/ExtendableQRCodeSchemeParser.class
      425  2019-07-18 09:47   net/glxn/qrgen/core/scheme/Schema.class
     1422  2019-07-18 09:47   net/glxn/qrgen/core/scheme/IToDo.class
     3782  2019-07-18 09:47   net/glxn/qrgen/core/scheme/IEvent.class
     2045  2019-07-18 09:47   net/glxn/qrgen/core/scheme/YouTube.class
     2285  2019-07-18 09:47   net/glxn/qrgen/core/scheme/SMS.class
     3407  2019-07-18 09:47   net/glxn/qrgen/core/scheme/ExtendableQRCodeSchemeParser$QRCodeSchemeParserImpl.class
     2359  2019-07-18 09:47   net/glxn/qrgen/core/scheme/Girocode$Encoding.class
     4688  2019-07-18 09:47   net/glxn/qrgen/core/scheme/Wifi.class
     3267  2019-07-18 09:47   net/glxn/qrgen/core/scheme/MeCard.class
     1705  2019-07-18 09:47   net/glxn/qrgen/core/scheme/Url.class
     2560  2019-07-18 09:47   net/glxn/qrgen/core/scheme/Bookmark.class
     4003  2019-07-18 09:47   net/glxn/qrgen/core/scheme/EnterpriseWifi.class
     1440  2019-07-18 09:47   net/glxn/qrgen/core/scheme/IJournal.class
      694  2019-07-18 09:47   net/glxn/qrgen/core/scheme/BizCard.class
     2060  2019-07-18 09:47   net/glxn/qrgen/core/scheme/GooglePlay.class
     4529  2019-07-18 09:47   net/glxn/qrgen/core/scheme/KddiAu.class
     2295  2019-07-18 09:47   net/glxn/qrgen/core/scheme/MMS.class
     1214  2019-07-18 09:47   net/glxn/qrgen/core/scheme/Wifi$Authentication.class
      590  2019-07-18 09:47   net/glxn/qrgen/core/scheme/SubSchema.class
     1980  2019-07-18 09:47   net/glxn/qrgen/core/scheme/Telephone.class
     2037  2019-07-18 09:47   net/glxn/qrgen/core/scheme/EMail.class
     4512  2019-07-18 09:47   net/glxn/qrgen/core/scheme/Girocode.class
     4353  2019-07-18 09:47   net/glxn/qrgen/core/scheme/VCard.class
      413  2019-07-18 09:47   net/glxn/qrgen/core/scheme/QRCodeSchemeParser.class
     2504  2019-07-18 09:47   net/glxn/qrgen/core/scheme/GeoInfo.class
     1458  2019-07-18 09:47   net/glxn/qrgen/core/scheme/IFreeBusyTime.class
     3316  2019-07-18 09:47   net/glxn/qrgen/core/scheme/ICal.class
     1819  2019-07-18 09:47   net/glxn/qrgen/core/scheme/SchemeUtil.class
     2996  2019-07-18 09:47   net/glxn/qrgen/core/AbstractQRCode.class
      500  2019-07-18 09:47   net/glxn/qrgen/core/exception/QRGenerationException.class
        0  2019-07-18 09:47   META-INF/maven/
        0  2019-07-18 09:47   META-INF/maven/com.github.kenglxn.QRGen/
        0  2019-07-18 09:47   META-INF/maven/com.github.kenglxn.QRGen/core/
     2952  2019-07-18 09:46   META-INF/maven/com.github.kenglxn.QRGen/core/pom.xml
      113  2019-07-18 09:47   META-INF/maven/com.github.kenglxn.QRGen/core/pom.properties
---------                     -------
    79744                     46 files

ligi@ligi-p1:~/tmp/checksum-problem$ unzip -l core-2.6.0.jar
Archive:  core-2.6.0.jar
  Length      Date    Time    Name
---------  ---------- -----   ----
        0  2021-01-30 10:03   META-INF/
      133  2021-01-30 10:02   META-INF/MANIFEST.MF
        0  2021-01-30 10:02   net/
        0  2021-01-30 10:02   net/glxn/
        0  2021-01-30 10:02   net/glxn/qrgen/
        0  2021-01-30 10:02   net/glxn/qrgen/core/
        0  2021-01-30 10:02   net/glxn/qrgen/core/image/
        0  2021-01-30 10:02   net/glxn/qrgen/core/scheme/
        0  2021-01-30 10:02   net/glxn/qrgen/core/exception/
     1111  2021-01-30 10:02   net/glxn/qrgen/core/image/ImageType.class
     4777  2021-01-30 10:02   net/glxn/qrgen/core/scheme/ExtendableQRCodeSchemeParser.class
      425  2021-01-30 10:02   net/glxn/qrgen/core/scheme/Schema.class
     1422  2021-01-30 10:02   net/glxn/qrgen/core/scheme/IToDo.class
     3782  2021-01-30 10:02   net/glxn/qrgen/core/scheme/IEvent.class
     2045  2021-01-30 10:02   net/glxn/qrgen/core/scheme/YouTube.class
     2285  2021-01-30 10:02   net/glxn/qrgen/core/scheme/SMS.class
     3407  2021-01-30 10:02   net/glxn/qrgen/core/scheme/ExtendableQRCodeSchemeParser$QRCodeSchemeParserImpl.class
     2359  2021-01-30 10:02   net/glxn/qrgen/core/scheme/Girocode$Encoding.class
     4688  2021-01-30 10:02   net/glxn/qrgen/core/scheme/Wifi.class
     3267  2021-01-30 10:02   net/glxn/qrgen/core/scheme/MeCard.class
     1705  2021-01-30 10:02   net/glxn/qrgen/core/scheme/Url.class
     2560  2021-01-30 10:02   net/glxn/qrgen/core/scheme/Bookmark.class
     4003  2021-01-30 10:02   net/glxn/qrgen/core/scheme/EnterpriseWifi.class
     1440  2021-01-30 10:02   net/glxn/qrgen/core/scheme/IJournal.class
      694  2021-01-30 10:02   net/glxn/qrgen/core/scheme/BizCard.class
     2060  2021-01-30 10:02   net/glxn/qrgen/core/scheme/GooglePlay.class
     4529  2021-01-30 10:02   net/glxn/qrgen/core/scheme/KddiAu.class
     2295  2021-01-30 10:02   net/glxn/qrgen/core/scheme/MMS.class
     1214  2021-01-30 10:02   net/glxn/qrgen/core/scheme/Wifi$Authentication.class
      590  2021-01-30 10:02   net/glxn/qrgen/core/scheme/SubSchema.class
     1980  2021-01-30 10:02   net/glxn/qrgen/core/scheme/Telephone.class
     2037  2021-01-30 10:02   net/glxn/qrgen/core/scheme/EMail.class
     4512  2021-01-30 10:02   net/glxn/qrgen/core/scheme/Girocode.class
     4353  2021-01-30 10:02   net/glxn/qrgen/core/scheme/VCard.class
      413  2021-01-30 10:02   net/glxn/qrgen/core/scheme/QRCodeSchemeParser.class
     2504  2021-01-30 10:02   net/glxn/qrgen/core/scheme/GeoInfo.class
     1458  2021-01-30 10:02   net/glxn/qrgen/core/scheme/IFreeBusyTime.class
     3316  2021-01-30 10:02   net/glxn/qrgen/core/scheme/ICal.class
     1819  2021-01-30 10:02   net/glxn/qrgen/core/scheme/SchemeUtil.class
     2996  2021-01-30 10:02   net/glxn/qrgen/core/AbstractQRCode.class
      500  2021-01-30 10:02   net/glxn/qrgen/core/exception/QRGenerationException.class
        0  2021-01-30 10:03   META-INF/maven/
        0  2021-01-30 10:03   META-INF/maven/com.github.kenglxn.QRGen/
        0  2021-01-30 10:03   META-INF/maven/com.github.kenglxn.QRGen/core/
     2952  2021-01-30 10:02   META-INF/maven/com.github.kenglxn.QRGen/core/pom.xml
      113  2021-01-30 10:02   META-INF/maven/com.github.kenglxn.QRGen/core/pom.properties
---------                     -------
    79744                     46 files

@kenglxn maybe you could provide this input: 2.6.0 was only released on jitpack - correct?

[ligi]

Some more information: I compared the files - the only differences are in ./META-INF/MANIFEST.MF and ./META-INF/maven/com.github.kenglxn.QRGen/core/pom.properties

< a3595d7ac5969fc24931875cc2ab89ebd54d5947349a2a050fee1fda4aa904fc4cf0a220815c5018bfdf84abe27e9813049c51b7f6f76b7e731cdbb24d30bd78  ./META-INF/MANIFEST.MF
---
> cd80977848a2e06e322fa7d88e0ba490140f232ead9bdff868ce259b3b01e9408b4158e31e963e2c33c6cd3dddf791e4992e5a10ed09dbcfa7112cbd1b67ffcf  ./META-INF/MANIFEST.MF
3c3
< 3d0a55b14d22b6029e5b6a05fb2f6ada38d17a8e3983654946e39dada1151bf137b70be712dfed96aba2fa5c1a429e0bca96652cc0ef5dd7b5d5f7b89800995e  ./META-INF/maven/com.github.kenglxn.QRGen/core/pom.properties
---
> 5bf9089e1fa7e62174a65af42b06db66e46e23df375fe68b6e54b7503592305d62cb0d45c09e87847e2bf94199b68e17d099f4319b482c991d433c0317dd5be1  ./META-INF/maven/com.github.kenglxn.QRGen/core/pom.properties

ligi@ligi-p1:~/tmp/checksum-problem/2$ diff META-INF/MANIFEST.MF ../1/META-INF/MANIFEST.MF 
5c5
< Build-Jdk: 1.8.0_212
---
> Build-Jdk: 1.8.0_252

ligi@ligi-p1:~/tmp/checksum-problem/2$ diff META-INF/maven/com.github.kenglxn.QRGen/core/pom.properties ../1//META-INF/maven/com.github.kenglxn.QRGen/core/pom.properties
2c2
< #Thu Jul 18 09:47:01 UTC 2019
---
> #Sat Jan 30 10:02:58 UTC 2021

--> so it should be safe to use this version - still wonder what triggered the rebuild @jitpack-io

[kenglxn]

thanks for reporting and checking this out. I will look into getting the maven central pipeline up again when I have som spare time.

[jitpack-io]

Hi all,

We have now restored the previous versions of core-2.6.0.jar and android-2.6.0-sources.jar so the checksums should be matching. In January we had a user asking why QRGen is not available and we had trouble accessing our long term object storage (like S3). The quickest way was to rebuild and that's what we did. It doesn't change the functionality but the downside is that checksums don't match. Sorry for the confusion.

[kenglxn]

@jitpack-io thanks for the follow up :)

[ligi]

@jitpack-io did it happen again? Just got this checksum issue:

Actual checksum is [360DA41EF035D204CD355FD3E1BE34894E2018878A073881556AD8AFEC374CAF2BFAD0B47B0AF91A4A1A02A343780F1625C1D2FCE026D112121B54096A991666], however expected one of [864A866A36BFECF7372CF50ACACCBEE87266ACB4F7E2A1D4155D27161FD4870F89FB8EBE8F42DACD284A8BCC1C27D4F976F1800D7F51B97C57CDF9F291CB10C1]:
      com.github.kenglxn.QRGen:android:2.6.0 (pgp=[], sha512=[360DA41EF035D204CD355FD3E1BE34894E2018878A073881556AD8AFEC374CAF2BFAD0B47B0AF91A4A1A02A343780F1625C1D2FCE026D112121B54096A991666])

[philipwhiuk]

Seen this recently as well for the javase module...