Investigate camel-k client hash verification failure for mirror

Question

Investigate camel-k client hash verification failure for mirror

Closed this issue 2 years ago · 13 comments

Hash verification of camel-k client is failing after the latest release. Investigate/Enquire the same with OpenShift Mirror team.

Details: https://github.com/redhat-actions/openshift-tools-installer/runs/6584115605?check_suite_focus=true#step:3:176

Answer 1 · 2022-05-25T23:33:44.000Z

The mac and windows are bogus too but here is a simple script to show the issue with the files in the mirror.

URL=https://mirror.openshift.com/pub/openshift-v4/clients/camel-k/1.6.6/camel-k-client-1.6.6-linux-64bit.tar.gz > camel-k-client-1.6.6-linux-64bit.tar.gz
FILE=$(basename $URL)
 
curl $URL > $FILE
curl $URL.md5 > $FILE.md5
cat $FILE.md5
md5sum $FILE 

EXPECTED=$(cat $FILE.md5)
ACTUAL=$(md5sum $FILE)
if [ "$EXPECTED" != "$ACTUAL" ]; then 
  echo "BOGUS FILE in openshift mirror" 
  echo "EXPECTED $EXPECTED" 
  echo "ACTUAL $ACTUAL" 
fi

Answer 2 · 2022-05-27T17:49:20.000Z

@squakez @oscerd ^^

Answer 3 · 2022-05-27T18:44:30.000Z

.md5 actually contains sha256 hash instead 🤔 (it matches with the original file). Anyway, we're looking into this and should be fixed ASAP 😉

Answer 4 · 2022-05-27T19:06:25.000Z

This seems weird.

Answer 5 · 2022-05-27T19:44:39.000Z

I actually tried sha256 to see if there was a mix-up but whatever I tried didn't match either...

…

On Fri., May 27, 2022, 3:06 p.m. Andrea Cosentino, ***@***.***> wrote: This seems weird. — Reply to this email directly, view it on GitHub <#78 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AB33CXSRIP4HGOE6D5RQYOTVMEMLXANCNFSM5W3TGQUQ> . You are receiving this because you commented.Message ID: ***@***.***>

Answer 6 · 2022-05-30T07:24:14.000Z

It seems the md5 checksum file uploaded is not the correct one. The correct one is:

$ cat mac-client-1.6.6.fuse-800003-redhat-00001.tar.gz.md5 
dc5234b19c708129d76f3040c4ba9482  mac-client-1.6.6.fuse-800003-redhat-00001.tar.gz

and that md5 file is not the one uploaded into the expected directory. Instead there is some wrong d7b531739e6772b44ef4b8201a8e0a5c508c93e87019970c6d14bbe80859a279 (which I don't know where it is coming from). The files are uploaded via ART ticket in Jira: https://issues.redhat.com/browse/ART-4072 - it is mentioned there there was some sync problem. Maybe that affected the upload process. I suggest to re-execute that (above all the md5 files upload).

Answer 7 · 2022-06-02T07:27:19.000Z

FYI md5 files for clients were fixed

Answer 8 · 2022-06-02T07:46:12.000Z

I do see a change in the naming convention inside the md5 file.
Earlier it used to be camel-k-client-1.6.6-mac-64bit.tar.gz (same as name of binary downloaded) but now it is mac-client-1.6.6.fuse-800003-redhat-00001.tar.gz. Is there any specific reason for this change as hash verification from our end is still failing due to this change (as it is designed to match the name of the downloaded file, very similar to other tools in the mirror)

Answer 9 · 2022-06-02T08:00:43.000Z

I can see they have the expected naming conventions:

Answer 10 · 2022-06-02T08:04:43.000Z

Yeah that's fine. I was talking about contents inside camel-k-client-1.6.6-mac-64bit.tar.gz.md5. Earlier it used to be something like

dc5234b19c708129d76f3040c4ba9482  camel-k-client-1.6.6-mac-64bit.tar.gz

But now it is:

dc5234b19c708129d76f3040c4ba9482  mac-client-1.6.6.fuse-800003-redhat-00001.tar.gz

Answer 11 · 2022-06-02T08:07:10.000Z

Ah, okey. I will report back to the original request and see if they can fix it.

Answer 12 · 2022-06-02T08:07:48.000Z

Great, Thanks!

Answer 13 · 2022-06-06T03:03:38.000Z

This seems to be resolved now. Thanks all!