Doesn't run. Checksum missing for alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub

FalcoGer commented 2 years ago

I downloaded the build-alpine script and ran it in bash as root. This is the output.

Determining the latest release... v3.15
Using static apk from http://dl-cdn.alpinelinux.org/alpine//v3.15/main/x86_64
Downloading alpine-keys-2.4-r1.apk
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
Downloading apk-tools-static-2.12.7-r3.apk
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
ERROR: checksum is missing for alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub
Failed to download a valid static apk

Workaround by disabling checksum check near line 70

if [ -z "$checksum" ]; then
        echo "ERROR: checksum is missing for $keyname"
        # return 1
    fi
    # (cd $rootfs/etc/apk/keys && echo "$checksum" | sha256sum -c -) || return 1

D3vil0p3r commented 2 years ago

Hello @FalcoGer for solving this issue, you need to add at the beginning of build-alpine script the sha256 of alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub.

That error probably occurs because inside $rootfs/sbin we have the following file: apk.static.SIGN.RSA.alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub on which the script must verify the checksum for alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub but it cannot find it because it is not defined at the beginning of build-alpine script in key_sha256sums variable. So, for solving this, you can calculate the sha256 hash of that key that is inside $rootfs/etc/apk/keys folder, i.e.:

cat rootfs/etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub | sha256sum

then, you need to add inside the key_sha256sums variable of build-alpine script the sha256sum result as the following string:

207e4696d3c05f7cb05966aee557307151f1f00217af4143c1bcaf33b8df733f  alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub

Save the script and run it. Let me know if it works.

For @saghul, please, add this change on build-alpine script.

Thank you

saghul commented 2 years ago

Can either of you send a PR please?

D3vil0p3r commented 2 years ago

@saghul just sent.

Please, let me know when the PR will be applied.

saghul commented 2 years ago

Merged!

saghul / lxd-alpine-builder

Doesn't run. Checksum missing for alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub #6