FS#73667 - [nextcloud] package v 23.0.1-1 produces code integrity check failures
Attached to Project:
Community Packages
Opened by Markus (wolegis) - Monday, 07 February 2022, 13:13 GMT
Last edited by freswa (frederik) - Tuesday, 08 February 2022, 12:11 GMT
Opened by Markus (wolegis) - Monday, 07 February 2022, 13:13 GMT
Last edited by freswa (frederik) - Tuesday, 08 February 2022, 12:11 GMT
|
Details
Description:
Installing the latest version of nextcloud package produced code integrity check failures Details see https://gist.github.com/wolegis/91d21404c72abd40e9628cd649b286ac What bothers me: No way on Nextcloud's website to download 23.0.1. I finally managed to get hold of the tar-ball by manually manipulating the download URL of 23.0.0. https://download.nextcloud.com/server/releases/nextcloud-23.0.1.tar.bz2 A few random checks revealed: The [expected] hashes match what can be found in the tar-ball. I'm confused... Has the 23.0.1 tar-ball silently been replaced by some other version since the Arch Linux package was built? Steps to reproduce: Ugrade to version 23.0.1-1, log-in as admin, go to Settings, Overview. This triggers the code integrity check. |
This task depends upon
Closed by freswa (frederik)
Tuesday, 08 February 2022, 12:11 GMT
Reason for closing: Won't fix
Additional comments about closing: We can't alter signed hashes.
Tuesday, 08 February 2022, 12:11 GMT
Reason for closing: Won't fix
Additional comments about closing: We can't alter signed hashes.
Some other random checks verified that the [current] hashes match what can be found in the Arch linux package.
So I more and more come to the conclusion that
1. 23.0.1 has not been officially released yet and because of that
2. the Nextcloud guys took the liberty to update the tar-ball on their download server at least once.
FS#73452).[1] https://github.com/archlinux/svntogit-community/blob/3416e0d640dd0960e9fabf18fdc443bc295a0976/trunk/PKGBUILD#L88-L97