FS#72612 - [nss] nss-3.72.tar.gz fails sha256sums verification
Attached to Project:
Arch Linux
Opened by kpcyrd (kpcyrd) - Tuesday, 02 November 2021, 12:55 GMT
Last edited by Jan Alexander Steffens (heftig) - Tuesday, 23 November 2021, 17:16 GMT
Details
Description:
The checksum pinned in the PKGBUILD doesn't seem to match the current tar ball, possibly due to re-tagging:

```
==> Retrieving sources...
  -> Downloading nss-3.72.tar.gz...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:03 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:04 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:05 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:06 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:07 --:--:--     0
  5 80.0M    5 4909k    0     0   560k      0  0:02:26  0:00:08  0:02:18  988k
100 80.0M  100 80.0M    0     0  9043k      0  0:00:09  0:00:09 --:--:-- 18.7M
  -> Found certdata2pem.py
  -> Found bundle.sh
==> WARNING: Skipping verification of source file PGP signatures.
==> Validating source files with sha256sums...
    nss-3.72.tar.gz ... FAILED
    certdata2pem.py ... Passed
    bundle.sh ... Passed
==> ERROR: One or more files did not pass the validity check!
  -> Delete snapshot for nss_3686495...
```

Steps to reproduce:
rebuildctl -H 'https://reproducible.archlinux.org' pkgs log --name nss | tail
Closed by Jan Alexander Steffens (heftig)
Tuesday, 23 November 2021, 17:16 GMT
Reason for closing: Fixed
Additional comments about closing: nss 3.72-2
Comment by . (-_-) - Tuesday, 23 November 2021, 16:11 GMT
Comment by Jan Alexander Steffens (heftig) - Tuesday, 23 November 2021, 17:15 GMT
there is still a hash mismatch.
Compared the old and the new tarball. Archive contents are
identical, the old file had about 2M of garbage after the end of
the archive.
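
The comparison described in the last comment, as an added example that is not part of the original report or of Arch tooling: given two `.tar.gz` files whose checksums differ, it checks whether the tar members are identical and counts bytes that follow the gzip stream or the last tar member. The function names and the constructed `sample()` archive are assumptions; the page does not say at which layer the garbage sat, so both are checked.

```python
import gzip, hashlib, io, tarfile, zlib

def split_gzip(blob):
    """Decompress the first gzip member; return (tar_bytes, bytes_after_it)."""
    d = zlib.decompressobj(wbits=31)  # wbits=31: expect gzip header and trailer
    return d.decompress(blob) + d.flush(), d.unused_data

def inspect_tar(tar_bytes):
    """Return ({name: (type, sha256)}, non-zero byte count after last member)."""
    members, end = {}, 0
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        for m in tf:
            data = tf.extractfile(m).read() if m.isfile() else b""
            members[m.name] = (m.type, hashlib.sha256(data).hexdigest())
            # Member data is padded to a multiple of 512 bytes.
            end = m.offset_data + -(-len(data) // 512) * 512
    tail = tar_bytes[end:]  # should hold zero blocks only (end marker, padding)
    return members, len(tail) - tail.count(b"\0")

def compare(old_blob, new_blob):
    """Explain a checksum mismatch between two .tar.gz blobs."""
    old_tar, old_extra = split_gzip(old_blob)
    new_tar, new_extra = split_gzip(new_blob)
    old_members, old_junk = inspect_tar(old_tar)
    new_members, new_junk = inspect_tar(new_tar)
    return {
        "same_file_hash": hashlib.sha256(old_blob).digest()
                          == hashlib.sha256(new_blob).digest(),
        "same_members": old_members == new_members,
        "old_trailing": len(old_extra) + old_junk,
        "new_trailing": len(new_extra) + new_junk,
    }

def sample(trailing=b""):
    """Constructed sample: one-file .tar.gz with optional bytes appended."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tf:
        payload = b"constructed sample\n"
        info = tarfile.TarInfo("demo-1.0/README")
        info.size = len(payload)
        tf.addfile(info, io.BytesIO(payload))
    return gzip.compress(buf.getvalue(), mtime=0) + trailing

if __name__ == "__main__":
    print(compare(sample(b"\xff" * 2048), sample()))
```

Identical members with non-zero trailing bytes on one side points to appended data rather than changed source; any difference in `same_members` means the pinned checksum should not be updated without reviewing what changed.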