search

laravel / nova-issues

553 stars 34 forks source link

Checksum check failing #3806

Closed Bittarman closed 2 years ago

Bittarman commented 2 years ago

Description:

The composer install step in our CI Pipeline is failing as the checksum for the nova version we are locked to has changed

- Installing laravel/nova (v2.9.4): Downloading (100%)    Failed to download laravel/nova from dist: The checksum verification of the file failed (downloaded from https://nova.laravel.com/dist/laravel/nova/laravel-nova-xxxxx-zip-66ff64.zip)
    Now trying to download from source

Detailed steps to reproduce the issue on a fresh Nova installation:

run composer install with a lock file including a version of nova that has not changed in 2 years...

crynobone commented 2 years ago

Can you submit the composer.lock file?

Bittarman commented 2 years ago

I cannot submit the full lock file, there would be references to internal projects in there. Here is the relevant section to nova however

        {
            "name": "laravel/nova",
            "version": "v2.9.4",
            "source": {
                "type": "git",
                "url": "git@github.com:laravel/nova.git",
                "reference": "98f7dac7cf6518e57398f9e73b4068d705daf60f"
            },
            "dist": {
                "type": "zip",
                "url": "https://nova.laravel.com/dist/laravel/nova/laravel-nova-xxxxx-zip-66ff64.zip",
                "reference": "xxxxx",
                "shasum": "yyyyy"
            },
            "require": {
                "cakephp/chronos": "^1.0",
                "doctrine/dbal": "^2.9",
                "illuminate/support": "^5.7.15 | 5.8.* | ^6.0",
                "moontoast/math": "^1.1",
                "php": ">=7.1.0",
                "spatie/once": "^1.1 | ^2.0",
                "symfony/finder": "^4.0"
            },
            "require-dev": {
                "mockery/mockery": "^1.0",
                "orchestra/testbench": "3.7.* | 3.8.*",
                "phpunit/phpunit": "^7.0 | ^8.0",
                "predis/predis": "^1.1"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "2.x-dev"
                },
                "laravel": {
                    "providers": [
                        "Laravel\\Nova\\NovaCoreServiceProvider"
                    ],
                    "aliases": {
                        "Nova": "Laravel\\Nova\\Nova"
                    }
                }
            },
            "autoload": {
                "psr-4": {
                    "Laravel\\Nova\\": "src/"
                }
            },
            "autoload-dev": {
                "psr-4": {
                    "Laravel\\Nova\\Tests\\": "tests/"
                }
            },
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Taylor Otwell",
                    "email": "taylor@laravel.com"
                }
            ],
            "description": "A wonderful administration interface for Laravel.",
            "keywords": [
                "admin",
                "laravel"
            ],
            "time": "2020-01-21T18:45:10+00:00"
        },
crynobone commented 2 years ago 
curl -o nova.zip https://nova.laravel.com/dist/laravel/nova/laravel-nova-xxxxx.zip --user nova-user:license-key
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 1477k  100 1477k    0     0  2081k      0 --:--:-- --:--:-- --:--:-- 2098k

Unable to reproduce, the file downloaded correctly.

Please check your credential and if you still have an issue, please email the detail to nova@laravel.com

Subject: Unable to fetch Laravel Nova using Composer
Nova User Account:
Password Method: Password / License Key
Version: 
Available License: Orion / Silver Surfer / Both
WouterFlorijn commented 2 years ago

@crynobone we're having the same issue starting today. Perhaps the url is unstable, making it not 100% reproducible. But please don't dismiss this.

crynobone commented 2 years ago

@WouterFlorijn We need more information to solve the issue, and some can only be verify privately via email to Nova support.

Bittarman commented 2 years ago

The file downloads, it is the checksum which is failing.

Bittarman commented 2 years ago

Your reproduce steps don't include a checksum...

Bittarman commented 2 years ago

❯ shasum nova.zip b174f4e10e0fd4006af5df7e2d666b2e28b6243b nova.zip

expected shasum was previously in the lockfile section I posted, but you removed it for some reason.

pushpak commented 2 years ago

same issue for us

Bittarman commented 2 years ago

This could be something as simple as it got re-zipped with a different compression? The contents of the zip appear to be identical

crynobone commented 2 years ago

Can you run composer update mirrors and then only composer install.

https://github.com/composer/composer/issues/7459

Bittarman commented 2 years ago

This works around the issue, but poor show considering that the checksum is there for a reason.

crynobone commented 2 years ago

The checksum changes were done by Satis and were not due to any URL changes or force push to laravel/nova repositories.

Unfortunately, in order to upgrade the website to PHP 8, we have to update Satis to the latest version which contains these changes. Can we revert it? No, without potentially causing more issues.

taylorotwell commented 2 years ago

I have documented this in the upgrade guide.

Bittarman commented 2 years ago

Upgrade? what upgrade? we were not upgrading anything...

taylorotwell commented 2 years ago

Ah, ok - well, then yes, you will need to run composer update mirrors if you have this issue.

pushpak commented 2 years ago

Upgrade? what upgrade? we were not upgrading anything...

https://github.com/laravel/nova-issues/issues/3802#issuecomment-1088674823