* [Buildroot] [PATCH 1/1] package/c-capnproto: fix tarball hash
@ 2021-01-12 18:11 Fabrice Fontaine
2021-01-13 21:17 ` Yann E. MORIN
0 siblings, 1 reply; 5+ messages in thread
From: Fabrice Fontaine @ 2021-01-12 18:11 UTC (permalink / raw
To: buildroot
Commit 5b95a5dc27c0d8002c00bda1c867ddea9218087e seems to have made a
mistake in the tarball hash
Fixes:
- http://autobuild.buildroot.org/results/2de9c6c8ce83569d18cc7140ebc60d6fe1aadcbf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/c-capnproto/c-capnproto.hash | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/c-capnproto/c-capnproto.hash b/package/c-capnproto/c-capnproto.hash
index e215400ce5..493b45c7cd 100644
--- a/package/c-capnproto/c-capnproto.hash
+++ b/package/c-capnproto/c-capnproto.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 1e35ef786bd8e418ff04fccb20ac881a87fa2fa76df1cbddc4774e35423bafb8 c-capnproto-9053ebe6eeb2ae762655b982e27c341cb568366d-br1.tar.gz
+sha256 6913e2016b89987861566b1d0efe935fee1604bd3fb847cabaef354a9516d57b c-capnproto-9053ebe6eeb2ae762655b982e27c341cb568366d-br1.tar.gz
sha256 27797e6c7dce96675d79ed250584d157b7a86405db6eb6fba9644e6d96d42c57 COPYING
--
2.29.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] package/c-capnproto: fix tarball hash
2021-01-12 18:11 [Buildroot] [PATCH 1/1] package/c-capnproto: fix tarball hash Fabrice Fontaine
@ 2021-01-13 21:17 ` Yann E. MORIN
2021-01-13 21:22 ` Yann E. MORIN
0 siblings, 1 reply; 5+ messages in thread
From: Yann E. MORIN @ 2021-01-13 21:17 UTC (permalink / raw
To: buildroot
Fabrice, All,
On 2021-01-12 19:11 +0100, Fabrice Fontaine spake thusly:
> Commit 5b95a5dc27c0d8002c00bda1c867ddea9218087e seems to have made a
> mistake in the tarball hash
Actually, I just re-checked locally, and I indeed still get the hash
currently in the tree.
I will run the build in a Debian 10 image to try and reproduce the
issue.
What distro do you have, and what hash do you get on it?
Regards,
Yann E. MORIN.
> Fixes:
> - http://autobuild.buildroot.org/results/2de9c6c8ce83569d18cc7140ebc60d6fe1aadcbf
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> package/c-capnproto/c-capnproto.hash | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/package/c-capnproto/c-capnproto.hash b/package/c-capnproto/c-capnproto.hash
> index e215400ce5..493b45c7cd 100644
> --- a/package/c-capnproto/c-capnproto.hash
> +++ b/package/c-capnproto/c-capnproto.hash
> @@ -1,3 +1,3 @@
> # Locally calculated
> -sha256 1e35ef786bd8e418ff04fccb20ac881a87fa2fa76df1cbddc4774e35423bafb8 c-capnproto-9053ebe6eeb2ae762655b982e27c341cb568366d-br1.tar.gz
> +sha256 6913e2016b89987861566b1d0efe935fee1604bd3fb847cabaef354a9516d57b c-capnproto-9053ebe6eeb2ae762655b982e27c341cb568366d-br1.tar.gz
> sha256 27797e6c7dce96675d79ed250584d157b7a86405db6eb6fba9644e6d96d42c57 COPYING
> --
> 2.29.2
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] package/c-capnproto: fix tarball hash
2021-01-13 21:17 ` Yann E. MORIN
@ 2021-01-13 21:22 ` Yann E. MORIN
2021-01-13 21:44 ` Yann E. MORIN
0 siblings, 1 reply; 5+ messages in thread
From: Yann E. MORIN @ 2021-01-13 21:22 UTC (permalink / raw
To: buildroot
Fabrice, All,
On 2021-01-13 22:17 +0100, Yann E. MORIN spake thusly:
> On 2021-01-12 19:11 +0100, Fabrice Fontaine spake thusly:
> > Commit 5b95a5dc27c0d8002c00bda1c867ddea9218087e seems to have made a
> > mistake in the tarball hash
>
> Actually, I just re-checked locally, and I indeed still get the hash
> currently in the tree.
Ah, but I am able to reproduce the problem with the _host_ variant!
So, the hash is correct when downloading the target variant, but it is
not when downloading the host variant. Woot.. Weird... :-/
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] package/c-capnproto: fix tarball hash
2021-01-13 21:22 ` Yann E. MORIN
@ 2021-01-13 21:44 ` Yann E. MORIN
2021-01-13 22:28 ` Arnout Vandecappelle
0 siblings, 1 reply; 5+ messages in thread
From: Yann E. MORIN @ 2021-01-13 21:44 UTC (permalink / raw
To: buildroot
Fabrice, All,
On 2021-01-13 22:22 +0100, Yann E. MORIN spake thusly:
> On 2021-01-13 22:17 +0100, Yann E. MORIN spake thusly:
> > On 2021-01-12 19:11 +0100, Fabrice Fontaine spake thusly:
> > > Commit 5b95a5dc27c0d8002c00bda1c867ddea9218087e seems to have made a
> > > mistake in the tarball hash
> >
> > Actually, I just re-checked locally, and I indeed still get the hash
> > currently in the tree.
> Ah, but I am able to reproduce the problem with the _host_ variant!
>
> So, the hash is correct when downloading the target variant, but it is
> not when downloading the host variant. Woot.. Weird... :-/
So what if I interrrupt the download process right after the archive is
generated from the git repo, but just before we check the hashes ?
$ ls -l output/build/.c-capnproto-9053ebe6eeb2ae762655b982e27c341cb568366d-br1.tar.gz.Byiova/output
-rw-r--r-- 1 ymorin ymorin 82K Jan 13 22:25 output/build/.c-capnproto-9053ebe6eeb2ae762655b982e27c341cb568366d-br1.tar.gz.Byiova/output
$ ls -l ${BR2_DL_DIR}/c-capnproto/c-capnproto-9053ebe6eeb2ae762655b982e27c341cb568366d-br1.tar.gz
-rw-r--r-- 1 ymorin ymorin 1.4M Jan 13 22:20 c-capnproto-9053ebe6eeb2ae762655b982e27c341cb568366d-br1.tar.gz
Wut? 82K vs. 1.4M?
And just by looking at package/c-capnproto/c-capnproto.mk I got an epiphany.
c-capnproto uses git submodules.
And indeed, the git submodule setting is not inherited from the target
variant to the host variant.
Joel: why is the host variant building successfully, but the target
variant needs the git submodules? Anyway, this is a separate topic for
further investigation.
Anyway, this is a real bug in our infra. How many packages are affected?
To be affected, a package must use git submodules, and have a host
variant:
$ git grep -l 'GIT_SUBMODULES = YES' |sed -r -e '\,support/,d'
package/azure-iot-sdk-c/azure-iot-sdk-c.mk
package/brickd/brickd.mk
package/c-capnproto/c-capnproto.mk
package/gstreamer1/gst1-interpipe/gst1-interpipe.mk
package/gstreamer1/gst1-shark/gst1-shark.mk
package/open62541/open62541.mk
And how many have a host variant:
$ grep -l -E 'host-.+-package' $(git grep -l 'GIT_SUBMODULES = YES' |sed -r -e '\,support/,d')
package/c-capnproto/c-capnproto.mk
Exactly one.
I missed one package when doing the conversion. One, Damned. Package.
And we were lucky one of the autobuilders noticed only just a few days
later.
Woot!
I'll send a fix patch, but the hash is definitely correct.
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] package/c-capnproto: fix tarball hash
2021-01-13 21:44 ` Yann E. MORIN
@ 2021-01-13 22:28 ` Arnout Vandecappelle
0 siblings, 0 replies; 5+ messages in thread
From: Arnout Vandecappelle @ 2021-01-13 22:28 UTC (permalink / raw
To: buildroot
On 13/01/2021 22:44, Yann E. MORIN wrote:
> Fabrice, All,
>
> On 2021-01-13 22:22 +0100, Yann E. MORIN spake thusly:
>> On 2021-01-13 22:17 +0100, Yann E. MORIN spake thusly:
>>> On 2021-01-12 19:11 +0100, Fabrice Fontaine spake thusly:
>>>> Commit 5b95a5dc27c0d8002c00bda1c867ddea9218087e seems to have made a
>>>> mistake in the tarball hash
>>>
>>> Actually, I just re-checked locally, and I indeed still get the hash
>>> currently in the tree.
>> Ah, but I am able to reproduce the problem with the _host_ variant!
>>
>> So, the hash is correct when downloading the target variant, but it is
>> not when downloading the host variant. Woot.. Weird... :-/
>
> So what if I interrrupt the download process right after the archive is
> generated from the git repo, but just before we check the hashes ?
>
> $ ls -l output/build/.c-capnproto-9053ebe6eeb2ae762655b982e27c341cb568366d-br1.tar.gz.Byiova/output
> -rw-r--r-- 1 ymorin ymorin 82K Jan 13 22:25 output/build/.c-capnproto-9053ebe6eeb2ae762655b982e27c341cb568366d-br1.tar.gz.Byiova/output
>
> $ ls -l ${BR2_DL_DIR}/c-capnproto/c-capnproto-9053ebe6eeb2ae762655b982e27c341cb568366d-br1.tar.gz
> -rw-r--r-- 1 ymorin ymorin 1.4M Jan 13 22:20 c-capnproto-9053ebe6eeb2ae762655b982e27c341cb568366d-br1.tar.gz
>
> Wut? 82K vs. 1.4M?
>
> And just by looking at package/c-capnproto/c-capnproto.mk I got an epiphany.
> c-capnproto uses git submodules.
>
> And indeed, the git submodule setting is not inherited from the target
> variant to the host variant.
>
> Joel: why is the host variant building successfully, but the target
> variant needs the git submodules? Anyway, this is a separate topic for
> further investigation.
Yann found the reason and explained it to me on IRC. Before the change of
tarball name, the normal download of host-c-capnproto indeed failed the hash
check. However, the autobuilders always fall back to sources.buildroot.net, and
there indeed we have the tarball with the correct hash. I could reproduce this
locally:
2021-01-13T23:20:50 >>> host-c-capnproto
9053ebe6eeb2ae762655b982e27c341cb568366d Downloading
2021-01-13T23:20:50 Initialized empty Git repository in
/home/arnout/src/buildroot-dl/c-capnproto/git/.git/
2021-01-13T23:20:50 Fetching all references
2021-01-13T23:20:52 remote: Enumerating objects: 1, done.
2021-01-13T23:20:52 remote: Counting objects: 100% (1/1)^Mremote: Counting
objects: 100% (1/1), done.
[snip]
2021-01-13T23:20:57 ERROR:
c-capnproto-9053ebe6eeb2ae762655b982e27c341cb568366d.tar.gz has wrong sha256 hash:
2021-01-13T23:20:57 ERROR: expected:
88c454f4f4bad87c9b60cd739c7da5605c1085c0e92b317dd72d547bbb804279
2021-01-13T23:20:57 ERROR: got :
8137ec5f468b2a084854954f6d405138106cfebcf150f4342fb27760184812f6
2021-01-13T23:20:57 ERROR: Incomplete download, or man-in-the-middle (MITM) attack
2021-01-13T23:20:57 --2021-01-13 23:20:57--
http://sources.buildroot.net/c-capnproto/c-capnproto-9053ebe6eeb2ae762655b982e27c341cb568366d.tar.gz
2021-01-13T23:20:57 Resolving sources.buildroot.net (sources.buildroot.net)...
2606:4700:20::681a:25, 2606:4700:20::ac43:4838, 2606:4700:20::681a:125, ...
2021-01-13T23:20:57 Connecting to sources.buildroot.net
(sources.buildroot.net)|2606:4700:20::681a:25|:80... connected.
2021-01-13T23:20:58 HTTP request sent, awaiting response... 200 OK
2021-01-13T23:20:58 Length: 1367744 (1.3M) [application/x-gtar-compressed]
2021-01-13T23:20:58 Saving to:
?/home/arnout/src/buildroot/output/build/.c-capnproto-9053ebe6eeb2ae762655b982e27c341cb568366d.tar.gz.xuepYv/output?
And how is it possible that we didn't notice this before while doing a version
bump? Well, c-capnproto depends on host-gcc >= 5, and we only have one
autobuilder with a recent gcc (Heiko's), and that one was only added in July
this year. The previous bump of c-capnproto was in June.
Regards,
Arnout
>
> Anyway, this is a real bug in our infra. How many packages are affected?
> To be affected, a package must use git submodules, and have a host
> variant:
>
> $ git grep -l 'GIT_SUBMODULES = YES' |sed -r -e '\,support/,d'
> package/azure-iot-sdk-c/azure-iot-sdk-c.mk
> package/brickd/brickd.mk
> package/c-capnproto/c-capnproto.mk
> package/gstreamer1/gst1-interpipe/gst1-interpipe.mk
> package/gstreamer1/gst1-shark/gst1-shark.mk
> package/open62541/open62541.mk
>
> And how many have a host variant:
>
> $ grep -l -E 'host-.+-package' $(git grep -l 'GIT_SUBMODULES = YES' |sed -r -e '\,support/,d')
> package/c-capnproto/c-capnproto.mk
>
> Exactly one.
>
> I missed one package when doing the conversion. One, Damned. Package.
> And we were lucky one of the autobuilders noticed only just a few days
> later.
>
> Woot!
>
> I'll send a fix patch, but the hash is definitely correct.
>
> Regards,
> Yann E. MORIN.
>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-01-13 22:28 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-01-12 18:11 [Buildroot] [PATCH 1/1] package/c-capnproto: fix tarball hash Fabrice Fontaine
2021-01-13 21:17 ` Yann E. MORIN
2021-01-13 21:22 ` Yann E. MORIN
2021-01-13 21:44 ` Yann E. MORIN
2021-01-13 22:28 ` Arnout Vandecappelle
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.