boost icon indicating copy to clipboard operation
boost copied to clipboard

Published 20 hours ago verified publisher icon boostorg

Error installing boost Verification checksum was incorrect

Open wswebcreation opened this issue 1 year ago • 86 comments

I'm developing a Mobile app with React Native (0.73.1) and for building the app I need to install the pods. The pods contains installing boos, see this file.

I get the following error

Installing boost (1.83.0)

[!] Error installing boost
Verification checksum was incorrect, expected 6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e, got 5e89103d9b70bba5c91a794126b169cb67654be2051f90cf7c22ba6893ede0ff

When I check this site I see the checksum should be 6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e

When I do this on my Mac

curl -sL https://boostorg.jfrog.io/artifactory/main/release/1.83.0/source/boost_1_83_0.tar.bz2 | shasum -a 256

5e89103d9b70bba5c91a794126b169cb67654be2051f90cf7c22ba6893ede0ff  -

I get a different checksum

Please let me know what I need to provide more to debug this

wswebcreation avatar Dec 31 '23 10:12 wswebcreation

I'm developing a Mobile app with React Native (0.73.1) and for building the app I need to install the pods. The pods contains installing boos, see this file.

I get the following error

Installing boost (1.83.0)

[!] Error installing boost
Verification checksum was incorrect, expected 6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e, got 5e89103d9b70bba5c91a794126b169cb67654be2051f90cf7c22ba6893ede0ff

When I check this site I see the checksum should be 6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e

When I do this on my Mac

curl -sL https://boostorg.jfrog.io/artifactory/main/release/1.83.0/source/boost_1_83_0.tar.bz2 | shasum -a 256

5e89103d9b70bba5c91a794126b169cb67654be2051f90cf7c22ba6893ede0ff  -

I get a different checksum

Please let me know what I need to provide more to debug this

Facing the same issue on M1 machine

RahulSingh225 avatar Dec 31 '23 10:12 RahulSingh225

move to node_modules/react-native/third-party-podspecs. Only change line spec.source = { :http => 'https://boostorg.jfrog.io/artifactory/main/release/1.83.0/source/boost_1_83_0.tar.bz2', :sha256 => '6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e' } to spec.source = { :http => 'https://sourceforge.net/projects/boost/files/boost/1.83.0/boost_1_83_0.tar.bz2', :sha256 => '6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e' }

Maybe jfrog close their server

vinpro24 avatar Dec 31 '23 10:12 vinpro24

I have the same issue with React Native 0.72.7

Error installing boost Verification checksum was incorrect, expected f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41, got 5e89103d9b70bba5c91a794126b169cb67654be2051f90cf7c22ba6893ede0ff

boost version 1.76.0

codeion avatar Dec 31 '23 10:12 codeion

Just replace 83 with 76 and 6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e with f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41

https://github.com/boostorg/boost/issues/843#issuecomment-1872918846

I have the same issue with React Native 0.72.7

Error installing boost Verification checksum was incorrect, expected f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41, got 5e89103d9b70bba5c91a794126b169cb67654be2051f90cf7c22ba6893ede0ff

boost version 1.76.0

tecmusti avatar Dec 31 '23 11:12 tecmusti

Changing the checksum without knowing what happened isn’t a good solution. The checksum ensures the integrity and authenticity of your downloaded file, protecting against corrupted, incomplete, or maliciously altered files. If you bypass the checksum verification, you risk introducing security vulnerabilities, stability issues, or subtle bugs in your application. These can be challenging to diagnose and may compromise your application or user data.

So there’s a reason why they use checksums and it's up to you all if you want to skip it 😅

wswebcreation avatar Dec 31 '23 12:12 wswebcreation

Changing the checksum without knowing what happened doesn’t feel like a good solution. There’s a reason why they use checksums 😅

We are not changing the checksum. Original link is broken, just replacing it with sourceforge link.

tecmusti avatar Dec 31 '23 12:12 tecmusti

Ok, created a simple patch for this for RN 0.73.1, but everyone could do this

  1. Install patch-package:

    npm install --save-dev patch-package postinstall-postinstall

  2. Modify boost.podspec:

change

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

Pod::Spec.new do |spec|
  spec.name = 'boost'
  spec.version = '1.83.0'
  spec.license = { :type => 'Boost Software License', :file => "LICENSE_1_0.txt" }
  spec.homepage = 'http://www.boost.org'
  spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
  spec.authors = 'Rene Rivera'
  spec.source = { :http => 'https://boostorg.jfrog.io/artifactory/main/release/1.83.0/source/boost_1_83_0.tar.bz2',
                  :sha256 => '6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e' }

  # Pinning to the same version as React.podspec.
  spec.platforms = min_supported_versions
  spec.requires_arc = false

  spec.module_name = 'boost'
  spec.header_dir = 'boost'
  spec.preserve_path = 'boost'
end

to

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

Pod::Spec.new do |spec|
  spec.name = 'boost'
  spec.version = '1.83.0'
  spec.license = { :type => 'Boost Software License', :file => "LICENSE_1_0.txt" }
  spec.homepage = 'http://www.boost.org'
  spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
  spec.authors = 'Rene Rivera'
  # Patched due to issue https://github.com/boostorg/boost/issues/843
  spec.source = { :http => 'https://sourceforge.net/projects/boost/files/boost/1.83.0/boost_1_83_0.tar.bz2',
                  :sha256 => '6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e' }

  # Pinning to the same version as React.podspec.
  spec.platforms = min_supported_versions
  spec.requires_arc = false

  spec.module_name = 'boost'
  spec.header_dir = 'boost'
  spec.preserve_path = 'boost'
end

  1. Create a Patch:

    • Run npx patch-package react-native to create a patch file based on your changes. This command generates a patch file in a directory called patches/.

  2. Apply the Patch Automatically:

    • Modify your package.json to apply the patch after installation. Add the following to your scripts section: 
      "scripts": {
  "postinstall": "patch-package"
}
    • Now, whenever you run npm install, patch-package will automatically apply the patch to the boost.podspec file.

wswebcreation avatar Dec 31 '23 12:12 wswebcreation

facing the same issue with react-native 0.68.1. any workaround for this?

ronenempathy avatar Dec 31 '23 13:12 ronenempathy

facing the same issue with react-native 0.68.1. any workaround for this?

Yes:

  1. Go to node_modules/react-native/third-party-podspecs from the root of your project
  2. check the boost.podspec for the version you need to use
  3. check https://sourceforge.net/projects/boost/files/boost/ for the link of the file you need to have
  4. get the checksum
  5. Follow the steps from https://github.com/boostorg/boost/issues/843#issuecomment-1872943124

wswebcreation avatar Dec 31 '23 13:12 wswebcreation

@wswebcreation since we are not pushing node_modules, is there any other ways to overcome this. this issue interrupts our CI as well.

ronenempathy avatar Dec 31 '23 16:12 ronenempathy

@ronenempathy

You are not creating a new module, you are creating a patch in your project that will be installed when you do the npm i

The steps mentioned above create the patch, here's how it looks like in my case

image

wswebcreation avatar Dec 31 '23 16:12 wswebcreation

What about for build systems like AppCenter, where node_modules are created at build time?

gregavola avatar Dec 31 '23 16:12 gregavola

Doesn't work. It just hangs "installing boost (1.76.0)" Using sourceforge

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

Pod::Spec.new do |spec|
  spec.name = 'boost'
  spec.version = '1.76.0'
  spec.license = { :type => 'Boost Software License', :file => "LICENSE_1_0.txt" }
  spec.homepage = 'http://www.boost.org'
  spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
  spec.authors = 'Rene Rivera'
  spec.source = { :http => 'https://sourceforge.net/projects/boost/files/boost/1.76.0/boost_1_76_0.tar.bz2',
                  :sha256 => 'f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41' }

  # Pinning to the same version as React.podspec.
  spec.platforms = { :ios => '11.0' }
  spec.requires_arc = false

  spec.module_name = 'boost'
  spec.header_dir = 'boost'
  spec.preserve_path = 'boost'
end

dafilmorais avatar Dec 31 '23 16:12 dafilmorais

What about for build systems like AppCenter, where node_modules are created at build time?

What do you mean?

wswebcreation avatar Dec 31 '23 17:12 wswebcreation

Doesn't work. It just hangs "installing boost (1.76.0)" Using sourceforge

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

Pod::Spec.new do |spec|
  spec.name = 'boost'
  spec.version = '1.76.0'
  spec.license = { :type => 'Boost Software License', :file => "LICENSE_1_0.txt" }
  spec.homepage = 'http://www.boost.org'
  spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
  spec.authors = 'Rene Rivera'
  spec.source = { :http => 'https://sourceforge.net/projects/boost/files/boost/1.76.0/boost_1_76_0.tar.bz2',
                  :sha256 => 'f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41' }

  # Pinning to the same version as React.podspec.
  spec.platforms = { :ios => '11.0' }
  spec.requires_arc = false

  spec.module_name = 'boost'
  spec.header_dir = 'boost'
  spec.preserve_path = 'boost'
end

Sorry, can't help with that

wswebcreation avatar Dec 31 '23 17:12 wswebcreation

Doesn't work. It just hangs "installing boost (1.76.0)" Using sourceforge

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

Pod::Spec.new do |spec|
  spec.name = 'boost'
  spec.version = '1.76.0'
  spec.license = { :type => 'Boost Software License', :file => "LICENSE_1_0.txt" }
  spec.homepage = 'http://www.boost.org'
  spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
  spec.authors = 'Rene Rivera'
  spec.source = { :http => 'https://sourceforge.net/projects/boost/files/boost/1.76.0/boost_1_76_0.tar.bz2',
                  :sha256 => 'f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41' }

  # Pinning to the same version as React.podspec.
  spec.platforms = { :ios => '11.0' }
  spec.requires_arc = false

  spec.module_name = 'boost'
  spec.header_dir = 'boost'
  spec.preserve_path = 'boost'
end

Try running with verbose, pod install --verbose. Boost is 100+ MB ish depending on your connection.

sarunmrzn avatar Dec 31 '23 17:12 sarunmrzn

What about for build systems like AppCenter, where node_modules are created at build time?

What do you mean?

When AppCenter does a build, it generates does an yarn install to pull in everything in node_modules so editing these files locally, won't help the build process. Is there a way to override this on yarn install it pulls the correct url?

gregavola avatar Dec 31 '23 17:12 gregavola

Doesn't work. It just hangs "installing boost (1.76.0)" Using sourceforge

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

Pod::Spec.new do |spec|
  spec.name = 'boost'
  spec.version = '1.76.0'
  spec.license = { :type => 'Boost Software License', :file => "LICENSE_1_0.txt" }
  spec.homepage = 'http://www.boost.org'
  spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
  spec.authors = 'Rene Rivera'
  spec.source = { :http => 'https://sourceforge.net/projects/boost/files/boost/1.76.0/boost_1_76_0.tar.bz2',
                  :sha256 => 'f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41' }

  # Pinning to the same version as React.podspec.
  spec.platforms = { :ios => '11.0' }
  spec.requires_arc = false

  spec.module_name = 'boost'
  spec.header_dir = 'boost'
  spec.preserve_path = 'boost'
end

Try running with verbose, pod install --verbose. Boost is 100+ MB ish depending on your connection.

Huh, looks like it is downloading. Just really slow. Thanks for the tip. Jfrog links are dead, should be up again later sometime hopefully.

dafilmorais avatar Dec 31 '23 17:12 dafilmorais

@wswebcreation

Ok, created a simple patch for this for RN 0.73.1, but everyone could do this

  1. Install patch-package: 
    npm install --save-dev patch-package postinstall-postinstall
  2. Modify boost.podspec:

change

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

Pod::Spec.new do |spec|
  spec.name = 'boost'
  spec.version = '1.83.0'
  spec.license = { :type => 'Boost Software License', :file => "LICENSE_1_0.txt" }
  spec.homepage = 'http://www.boost.org'
  spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
  spec.authors = 'Rene Rivera'
  spec.source = { :http => 'https://boostorg.jfrog.io/artifactory/main/release/1.83.0/source/boost_1_83_0.tar.bz2',
                  :sha256 => '6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e' }

  # Pinning to the same version as React.podspec.
  spec.platforms = min_supported_versions
  spec.requires_arc = false

  spec.module_name = 'boost'
  spec.header_dir = 'boost'
  spec.preserve_path = 'boost'
end

to

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

Pod::Spec.new do |spec|
  spec.name = 'boost'
  spec.version = '1.83.0'
  spec.license = { :type => 'Boost Software License', :file => "LICENSE_1_0.txt" }
  spec.homepage = 'http://www.boost.org'
  spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
  spec.authors = 'Rene Rivera'
  # Patched due to issue https://github.com/boostorg/boost/issues/843
  spec.source = { :http => 'https://sourceforge.net/projects/boost/files/boost/1.83.0/boost_1_83_0.tar.bz2',
                  :sha256 => '6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e' }

  # Pinning to the same version as React.podspec.
  spec.platforms = min_supported_versions
  spec.requires_arc = false

  spec.module_name = 'boost'
  spec.header_dir = 'boost'
  spec.preserve_path = 'boost'
end

  1. Create a Patch:

    • Run npx patch-package react-native to create a patch file based on your changes. This command generates a patch file in a directory called patches/.

  2. Apply the Patch Automatically:

    • Modify your package.json to apply the patch after installation. Add the following to your scripts section: 
      "scripts": {
  "postinstall": "patch-package"
}
    • Now, whenever you run npm install, patch-package will automatically apply the patch to the boost.podspec file.

@wswebcreation Thanks this works for me.

twercedev avatar Dec 31 '23 18:12 twercedev

What about for build systems like AppCenter, where node_modules are created at build time?

What do you mean?

When AppCenter does a build, it generates does an yarn install to pull in everything in node_modules so editing these files locally, won't help the build process. Is there a way to override this on yarn install it pulls the correct url?

Try creating patch on your local computer and upload generated patch then modify package.json file to apply patches. This should work.

tecmusti avatar Dec 31 '23 18:12 tecmusti

Who else is facing incredible slowness in jFrog? it took almost 45 minutes to install boost

ali-sao avatar Dec 31 '23 22:12 ali-sao

Who else is facing incredible slowness in jFrog? it took almost 45 minutes to install boost

same here

Harisene avatar Jan 01 '24 06:01 Harisene

What about for build systems like AppCenter, where node_modules are created at build time?

What do you mean?

When AppCenter does a build, it generates does an yarn install to pull in everything in node_modules so editing these files locally, won't help the build process. Is there a way to override this on yarn install it pulls the correct url?

Follow these steps to create a patch. https://github.com/boostorg/boost/issues/843#issuecomment-1872943124

Now when running yarn install the patch will be applied in the App Center.

Harisene avatar Jan 01 '24 06:01 Harisene

is it safe to change from https://boostorg.jfrog.io/artifactory/main/release/1.83.0/source/boost_1_83_0.tar.bz2 to https://sourceforge.net/projects/boost/files/boost/1.83.0/boost_1_83_0.tar.bz2 ?

mina4gerges avatar Jan 01 '24 08:01 mina4gerges

Implemented the changes suggested as Suggested above, but it really didn't solve the problem. Made a patch of it, it doesn't solve the upstream problem, but crashes the pod install, somehow.

⚠️  Something went wrong running `pod install` in the `ios` directory.
Command `pod install` failed.
└─ Cause: Failed to load 'boost' podspec: 
[!] Invalid `boost.podspec` file: undefined local variable or method `min_supported_versions' for Pod:Module.

 #  from /Users/agrittiwari/wishup/client-app/node_modules/react-native/third-party-podspecs/boost.podspec:17
 #  -------------------------------------------
 #    # Pinning to the same version as React.podspec.
 >    spec.platforms = min_supported_versions
 #    spec.requires_arc = false
 #  -------------------------------------------


pod install --repo-update --ansi exited with non-zero code: 1

agrittiwari avatar Jan 01 '24 08:01 agrittiwari

Same issue face? Does it have a solution?

Implemented the changes suggested as Suggested above, but it really didn't solve the problem. Made a patch of it, it doesn't solve the upstream problem, but crashes the pod install, somehow.

⚠️  Something went wrong running `pod install` in the `ios` directory.
Command `pod install` failed.
└─ Cause: Failed to load 'boost' podspec: 
[!] Invalid `boost.podspec` file: undefined local variable or method `min_supported_versions' for Pod:Module.

 #  from /Users/agrittiwari/wishup/client-app/node_modules/react-native/third-party-podspecs/boost.podspec:17
 #  -------------------------------------------
 #    # Pinning to the same version as React.podspec.
 >    spec.platforms = min_supported_versions
 #    spec.requires_arc = false
 #  -------------------------------------------


pod install --repo-update --ansi exited with non-zero code: 1

Mitdd9707 avatar Jan 01 '24 11:01 Mitdd9707

How about android, still getting from origin website

Opusfwd avatar Jan 01 '24 11:01 Opusfwd

@agrittiwari @Mitdd9707 try replacing spec.platforms with: spec.platforms = { :ios => '11.0' } and create a patch again using npx patch-package react-native

Not sure if this is the best solution, it works for me.

iMiodrag avatar Jan 01 '24 12:01 iMiodrag

What happens when this is fixed? Is it smart to remove the patch and changes or just leave as is? Or when i update the react native version for example, do i have to update the boost.podspec patch?

TianMeh avatar Jan 01 '24 13:01 TianMeh

When this will get fix ?? This caused lot of problems in our current pipeline. I hope this will get fix ASAP.

sameerac-swivel avatar Jan 01 '24 13:01 sameerac-swivel