Error installing boost Verification checksum was incorrect

[wswebcreation]

I'm developing a Mobile app with React Native (0.73.1) and for building the app I need to install the pods. The pods contains installing boos, see this file.

I get the following error

Installing boost (1.83.0)

[!] Error installing boost
Verification checksum was incorrect, expected 6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e, got 5e89103d9b70bba5c91a794126b169cb67654be2051f90cf7c22ba6893ede0ff

When I check this site I see the checksum should be 6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e

When I do this on my Mac

curl -sL https://boostorg.jfrog.io/artifactory/main/release/1.83.0/source/boost_1_83_0.tar.bz2 | shasum -a 256

5e89103d9b70bba5c91a794126b169cb67654be2051f90cf7c22ba6893ede0ff  -

I get a different checksum

Please let me know what I need to provide more to debug this

[RahulSingh225]

I'm developing a Mobile app with React Native (0.73.1) and for building the app I need to install the pods. The pods contains installing boos, see this file.

I get the following error

Installing boost (1.83.0)

[!] Error installing boost
Verification checksum was incorrect, expected 6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e, got 5e89103d9b70bba5c91a794126b169cb67654be2051f90cf7c22ba6893ede0ff

When I check this site I see the checksum should be 6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e

When I do this on my Mac

curl -sL https://boostorg.jfrog.io/artifactory/main/release/1.83.0/source/boost_1_83_0.tar.bz2 | shasum -a 256

5e89103d9b70bba5c91a794126b169cb67654be2051f90cf7c22ba6893ede0ff  -

I get a different checksum

Please let me know what I need to provide more to debug this

Facing the same issue on M1 machine

[vinpro24]

move to node_modules/react-native/third-party-podspecs. Only change line spec.source = { :http => 'https://boostorg.jfrog.io/artifactory/main/release/1.83.0/source/boost_1_83_0.tar.bz2', :sha256 => '6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e' } to spec.source = { :http => 'https://sourceforge.net/projects/boost/files/boost/1.83.0/boost_1_83_0.tar.bz2', :sha256 => '6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e' }

Maybe jfrog close their server

[codeion]

I have the same issue with React Native 0.72.7

Error installing boost Verification checksum was incorrect, expected f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41, got 5e89103d9b70bba5c91a794126b169cb67654be2051f90cf7c22ba6893ede0ff

boost version 1.76.0

[tecmusti]

Just replace 83 with 76 and 6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e with f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41

https://github.com/boostorg/boost/issues/843#issuecomment-1872918846

I have the same issue with React Native 0.72.7

Error installing boost Verification checksum was incorrect, expected f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41, got 5e89103d9b70bba5c91a794126b169cb67654be2051f90cf7c22ba6893ede0ff

boost version 1.76.0

[wswebcreation]

Changing the checksum without knowing what happened isn’t a good solution. The checksum ensures the integrity and authenticity of your downloaded file, protecting against corrupted, incomplete, or maliciously altered files. If you bypass the checksum verification, you risk introducing security vulnerabilities, stability issues, or subtle bugs in your application. These can be challenging to diagnose and may compromise your application or user data.

So there’s a reason why they use checksums and it's up to you all if you want to skip it 😅

[tecmusti]

Changing the checksum without knowing what happened doesn’t feel like a good solution. There’s a reason why they use checksums 😅

We are not changing the checksum. Original link is broken, just replacing it with sourceforge link.

[wswebcreation]

Ok, created a simple patch for this for RN 0.73.1, but everyone could do this

1. Install patch-package:

   npm install --save-dev patch-package postinstall-postinstall
   

2. Modify boost.podspec:

change

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

Pod::Spec.new do |spec|
  spec.name = 'boost'
  spec.version = '1.83.0'
  spec.license = { :type => 'Boost Software License', :file => "LICENSE_1_0.txt" }
  spec.homepage = 'http://www.boost.org'
  spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
  spec.authors = 'Rene Rivera'
  spec.source = { :http => 'https://boostorg.jfrog.io/artifactory/main/release/1.83.0/source/boost_1_83_0.tar.bz2',
                  :sha256 => '6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e' }

  # Pinning to the same version as React.podspec.
  spec.platforms = min_supported_versions
  spec.requires_arc = false

  spec.module_name = 'boost'
  spec.header_dir = 'boost'
  spec.preserve_path = 'boost'
end

to

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

Pod::Spec.new do |spec|
  spec.name = 'boost'
  spec.version = '1.83.0'
  spec.license = { :type => 'Boost Software License', :file => "LICENSE_1_0.txt" }
  spec.homepage = 'http://www.boost.org'
  spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
  spec.authors = 'Rene Rivera'
  # Patched due to issue https://github.com/boostorg/boost/issues/843
  spec.source = { :http => 'https://sourceforge.net/projects/boost/files/boost/1.83.0/boost_1_83_0.tar.bz2',
                  :sha256 => '6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e' }

  # Pinning to the same version as React.podspec.
  spec.platforms = min_supported_versions
  spec.requires_arc = false

  spec.module_name = 'boost'
  spec.header_dir = 'boost'
  spec.preserve_path = 'boost'
end

3. Create a Patch:

   • Run npx patch-package react-native to create a patch file based on your changes. This command generates a patch file in a directory called patches/.

4. Apply the Patch Automatically:

   • Modify your package.json to apply the patch after installation. Add the following to your scripts section:

     "scripts": {
       "postinstall": "patch-package"
     }
     

   • Now, whenever you run npm install, patch-package will automatically apply the patch to the boost.podspec file.

[ronenempathy]

facing the same issue with react-native 0.68.1. any workaround for this?

[wswebcreation]

facing the same issue with react-native 0.68.1. any workaround for this?

Yes:

1. Go to node_modules/react-native/third-party-podspecs from the root of your project
2. check the boost.podspec for the version you need to use
3. check https://sourceforge.net/projects/boost/files/boost/ for the link of the file you need to have
4. get the checksum
5. Follow the steps from https://github.com/boostorg/boost/issues/843#issuecomment-1872943124

[ronenempathy]

@wswebcreation since we are not pushing node_modules, is there any other ways to overcome this. this issue interrupts our CI as well.

[wswebcreation]

@ronenempathy

You are not creating a new module, you are creating a patch in your project that will be installed when you do the npm i

The steps mentioned above create the patch, here's how it looks like in my case

[gregavola]

What about for build systems like AppCenter, where node_modules are created at build time?

[dafilmorais]

Doesn't work. It just hangs "installing boost (1.76.0)" Using sourceforge

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

Pod::Spec.new do |spec|
  spec.name = 'boost'
  spec.version = '1.76.0'
  spec.license = { :type => 'Boost Software License', :file => "LICENSE_1_0.txt" }
  spec.homepage = 'http://www.boost.org'
  spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
  spec.authors = 'Rene Rivera'
  spec.source = { :http => 'https://sourceforge.net/projects/boost/files/boost/1.76.0/boost_1_76_0.tar.bz2',
                  :sha256 => 'f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41' }

  # Pinning to the same version as React.podspec.
  spec.platforms = { :ios => '11.0' }
  spec.requires_arc = false

  spec.module_name = 'boost'
  spec.header_dir = 'boost'
  spec.preserve_path = 'boost'
end

[wswebcreation]

What about for build systems like AppCenter, where node_modules are created at build time?

What do you mean?

[wswebcreation]

Doesn't work. It just hangs "installing boost (1.76.0)" Using sourceforge

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

Pod::Spec.new do |spec|
  spec.name = 'boost'
  spec.version = '1.76.0'
  spec.license = { :type => 'Boost Software License', :file => "LICENSE_1_0.txt" }
  spec.homepage = 'http://www.boost.org'
  spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
  spec.authors = 'Rene Rivera'
  spec.source = { :http => 'https://sourceforge.net/projects/boost/files/boost/1.76.0/boost_1_76_0.tar.bz2',
                  :sha256 => 'f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41' }

  # Pinning to the same version as React.podspec.
  spec.platforms = { :ios => '11.0' }
  spec.requires_arc = false

  spec.module_name = 'boost'
  spec.header_dir = 'boost'
  spec.preserve_path = 'boost'
end

Sorry, can't help with that

[sarunmrzn]

Doesn't work. It just hangs "installing boost (1.76.0)" Using sourceforge

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

Pod::Spec.new do |spec|
  spec.name = 'boost'
  spec.version = '1.76.0'
  spec.license = { :type => 'Boost Software License', :file => "LICENSE_1_0.txt" }
  spec.homepage = 'http://www.boost.org'
  spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
  spec.authors = 'Rene Rivera'
  spec.source = { :http => 'https://sourceforge.net/projects/boost/files/boost/1.76.0/boost_1_76_0.tar.bz2',
                  :sha256 => 'f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41' }

  # Pinning to the same version as React.podspec.
  spec.platforms = { :ios => '11.0' }
  spec.requires_arc = false

  spec.module_name = 'boost'
  spec.header_dir = 'boost'
  spec.preserve_path = 'boost'
end

Try running with verbose, pod install --verbose. Boost is 100+ MB ish depending on your connection.

[gregavola]

What about for build systems like AppCenter, where node_modules are created at build time?

What do you mean?

When AppCenter does a build, it generates does an yarn install to pull in everything in node_modules so editing these files locally, won't help the build process. Is there a way to override this on yarn install it pulls the correct url?

[dafilmorais]

Doesn't work. It just hangs "installing boost (1.76.0)" Using sourceforge

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

Pod::Spec.new do |spec|
  spec.name = 'boost'
  spec.version = '1.76.0'
  spec.license = { :type => 'Boost Software License', :file => "LICENSE_1_0.txt" }
  spec.homepage = 'http://www.boost.org'
  spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
  spec.authors = 'Rene Rivera'
  spec.source = { :http => 'https://sourceforge.net/projects/boost/files/boost/1.76.0/boost_1_76_0.tar.bz2',
                  :sha256 => 'f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41' }

  # Pinning to the same version as React.podspec.
  spec.platforms = { :ios => '11.0' }
  spec.requires_arc = false

  spec.module_name = 'boost'
  spec.header_dir = 'boost'
  spec.preserve_path = 'boost'
end

Try running with verbose, pod install --verbose. Boost is 100+ MB ish depending on your connection.

Huh, looks like it is downloading. Just really slow. Thanks for the tip. Jfrog links are dead, should be up again later sometime hopefully.

[twercedev]

@wswebcreation

Ok, created a simple patch for this for RN 0.73.1, but everyone could do this

1. Install patch-package:

   npm install --save-dev patch-package postinstall-postinstall
   

2. Modify boost.podspec:

change

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

Pod::Spec.new do |spec|
  spec.name = 'boost'
  spec.version = '1.83.0'
  spec.license = { :type => 'Boost Software License', :file => "LICENSE_1_0.txt" }
  spec.homepage = 'http://www.boost.org'
  spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
  spec.authors = 'Rene Rivera'
  spec.source = { :http => 'https://boostorg.jfrog.io/artifactory/main/release/1.83.0/source/boost_1_83_0.tar.bz2',
                  :sha256 => '6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e' }

  # Pinning to the same version as React.podspec.
  spec.platforms = min_supported_versions
  spec.requires_arc = false

  spec.module_name = 'boost'
  spec.header_dir = 'boost'
  spec.preserve_path = 'boost'
end

to

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

Pod::Spec.new do |spec|
  spec.name = 'boost'
  spec.version = '1.83.0'
  spec.license = { :type => 'Boost Software License', :file => "LICENSE_1_0.txt" }
  spec.homepage = 'http://www.boost.org'
  spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
  spec.authors = 'Rene Rivera'
  # Patched due to issue https://github.com/boostorg/boost/issues/843
  spec.source = { :http => 'https://sourceforge.net/projects/boost/files/boost/1.83.0/boost_1_83_0.tar.bz2',
                  :sha256 => '6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e' }

  # Pinning to the same version as React.podspec.
  spec.platforms = min_supported_versions
  spec.requires_arc = false

  spec.module_name = 'boost'
  spec.header_dir = 'boost'
  spec.preserve_path = 'boost'
end

3. Create a Patch:

   • Run npx patch-package react-native to create a patch file based on your changes. This command generates a patch file in a directory called patches/.

4. Apply the Patch Automatically:

   • Modify your package.json to apply the patch after installation. Add the following to your scripts section:

     "scripts": {
       "postinstall": "patch-package"
     }
     

   • Now, whenever you run npm install, patch-package will automatically apply the patch to the boost.podspec file.

@wswebcreation Thanks this works for me.

[tecmusti]

What about for build systems like AppCenter, where node_modules are created at build time?

What do you mean?

When AppCenter does a build, it generates does an yarn install to pull in everything in node_modules so editing these files locally, won't help the build process. Is there a way to override this on yarn install it pulls the correct url?

Try creating patch on your local computer and upload generated patch then modify package.json file to apply patches. This should work.

[ali-sao]

Who else is facing incredible slowness in jFrog? it took almost 45 minutes to install boost

[Harisene]

Who else is facing incredible slowness in jFrog? it took almost 45 minutes to install boost

same here

[Harisene]

What about for build systems like AppCenter, where node_modules are created at build time?

What do you mean?

When AppCenter does a build, it generates does an yarn install to pull in everything in node_modules so editing these files locally, won't help the build process. Is there a way to override this on yarn install it pulls the correct url?

Follow these steps to create a patch. https://github.com/boostorg/boost/issues/843#issuecomment-1872943124

Now when running yarn install the patch will be applied in the App Center.

[mina4gerges]

is it safe to change from https://boostorg.jfrog.io/artifactory/main/release/1.83.0/source/boost_1_83_0.tar.bz2 to https://sourceforge.net/projects/boost/files/boost/1.83.0/boost_1_83_0.tar.bz2 ?

[agrittiwari]

Implemented the changes suggested as Suggested above, but it really didn't solve the problem. Made a patch of it, it doesn't solve the upstream problem, but crashes the pod install, somehow.

⚠️  Something went wrong running `pod install` in the `ios` directory.
Command `pod install` failed.
└─ Cause: Failed to load 'boost' podspec: 
[!] Invalid `boost.podspec` file: undefined local variable or method `min_supported_versions' for Pod:Module.

 #  from /Users/agrittiwari/wishup/client-app/node_modules/react-native/third-party-podspecs/boost.podspec:17
 #  -------------------------------------------
 #    # Pinning to the same version as React.podspec.
 >    spec.platforms = min_supported_versions
 #    spec.requires_arc = false
 #  -------------------------------------------


pod install --repo-update --ansi exited with non-zero code: 1

[Mitdd9707]

Same issue face? Does it have a solution?

Implemented the changes suggested as Suggested above, but it really didn't solve the problem. Made a patch of it, it doesn't solve the upstream problem, but crashes the pod install, somehow.

⚠️  Something went wrong running `pod install` in the `ios` directory.
Command `pod install` failed.
└─ Cause: Failed to load 'boost' podspec: 
[!] Invalid `boost.podspec` file: undefined local variable or method `min_supported_versions' for Pod:Module.

 #  from /Users/agrittiwari/wishup/client-app/node_modules/react-native/third-party-podspecs/boost.podspec:17
 #  -------------------------------------------
 #    # Pinning to the same version as React.podspec.
 >    spec.platforms = min_supported_versions
 #    spec.requires_arc = false
 #  -------------------------------------------


pod install --repo-update --ansi exited with non-zero code: 1

[Opusfwd]

How about android, still getting from origin website

[iMiodrag]

@agrittiwari @Mitdd9707 try replacing spec.platforms with: spec.platforms = { :ios => '11.0' } and create a patch again using npx patch-package react-native

Not sure if this is the best solution, it works for me.

[TianMeh]

What happens when this is fixed? Is it smart to remove the patch and changes or just leave as is? Or when i update the react native version for example, do i have to update the boost.podspec patch?

[sameerac-swivel]

When this will get fix ?? This caused lot of problems in our current pipeline. I hope this will get fix ASAP.