[GODRIVER-1851] verifying go.mongodb.org/mongo-driver@v1.4.5: checksum mismatch Created: 25/Jan/21 Updated: 27/Oct/23 Resolved: 02/Feb/21 |
|
| Status: | Closed |
| Project: | Go Driver |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Drew Wells | Assignee: | Divjot Arora (Inactive) |
| Resolution: | Gone away | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
We are seeing checksum mismatches for the mongo-driver package. https://github.com/mongodb/mongo-go-driver/releases/tag/v1.4.5 Did this tag published multiple times with different commit histories? Here's a blurb from our github-action, feel free to look at it here: https://github.com/infobloxopen/konk/pull/164/checks?check_run_id=1763876974 Click PR and it should scroll to the location.
|
| Comments |
| Comment by Divjot Arora (Inactive) [ 02/Feb/21 ] | |||||||
|
Closing as we believe this should have gone away with the new v1.4.6 release. If anyone has this issue when upgrading to that release, please feel free to leave another comment or open a new ticket and we can investigate as needed. | |||||||
| Comment by Divjot Arora (Inactive) [ 02/Feb/21 ] | |||||||
|
We've released version 1.4.6 of the driver, so hopefully this problem will go away. | |||||||
| Comment by Divjot Arora (Inactive) [ 27/Jan/21 ] | |||||||
|
bbytheway@solutionreach.com Apologies for the inconvenience. I'm actively looking into what's causing this. | |||||||
| Comment by Ben Bytheway [ 27/Jan/21 ] | |||||||
|
I wanted to add that I also ran into this issue today. It seems there are different packages of the driver getting served up, which breaks the hash verification. We had to pin the driver back to 1.4.4 for now:
| |||||||
| Comment by Divjot Arora (Inactive) [ 27/Jan/21 ] | |||||||
|
Thanks for the helpful information. ligser@gmail.com The difference between your local setup and Dependabot seems like a promising place to start. I'll do some more investigation into that. Also, we're planning on doing a 1.4.6 release next Tuesday, so this issue may go away once that happens. – Divjot | |||||||
| Comment by Roman Domrachev [ 27/Jan/21 ] | |||||||
|
This might be a CDN issue. On my local laptop (located in Moscow) I receive:
Dependabot (I dont know where it located) produce:
And my CI located in DigitalOcean FRA region downloads a same as dependabot:
| |||||||
| Comment by Andrew Garner [ 27/Jan/21 ] | |||||||
|
I encountered the exact same error after updating the go-openapi dependency using `go get -u github.com/go-openapi/validate` Running `go get go.mongodb.org/mongo-driver@v1.4.5` on my develop branch also produces the same error Looks like it might be an error in the https://sum.golang.org/ database? | |||||||
| Comment by Divjot Arora (Inactive) [ 26/Jan/21 ] | |||||||
|
dwells@infoblox.com I was unable to reproduce this issue. On a fresh host, I created a "v145test" module and ran "go get go.mongodb.org/mongo-driver@v1.4.5". After this, go.sum contains these lines:
The go.sum file in the source code for go-openapi/loads@v0.20.1 contains these lines as well. However, the go.sum file in the PR you linked contains this:
This seems to be the cause of this mismatch, so I think the next debugging step is to figure out this discrepancy. I downloaded infobloxopen/konk, ran "go build ./..." in the test/apiserver directory to fetch all of the existing modules, and then ran github.com/go-openapi/loads@v0.20.1. The final go.sum file contained the same line for the mongo-driver dependency as my module and openapi (hi:TLtO...). I'm unable to figure out why the go.sum file in the linked PR contains hi:z4.... rather than hi:TLtO... as the checksum. Can you provide the exact commands that were run to upgrade the go-openapi/loads dependency so we can continue investigating? – Divjot | |||||||
| Comment by Drew Wells [ 25/Jan/21 ] | |||||||
|
We're using go 1.15.x https://github.com/infobloxopen/konk/blob/main/.github/workflows/pr.yaml#L92-L95 | |||||||
| Comment by Divjot Arora (Inactive) [ 25/Jan/21 ] | |||||||
|
Thank you for the bug report. We apologize for any inconvenience this has caused you and will look into fixing it and possibly issuing another release ASAP. Can you share the version of Go you're using in your Github action to do this verification? – Divjot |