satis icon indicating copy to clipboard operation
satis copied to clipboard

Published 20 hours ago verified publisher icon composer

The checksum verification of the file failed

Open Jamesking56 opened this issue 5 years ago • 9 comments

I've created a Satis repository being hosted on GitLab Pages.

Running composer locally works fine, however running it on GitLab CI gives:

The checksum verification of the file failed

What causes this? How can I debug it and work out whats going wrong?

Jamesking56 avatar Oct 31 '18 17:10 Jamesking56

I am having exactly the same issue with Satis all of a sudden my private repos started giving checksum errors I also tried checksum: false in my satis.json build file but it still forces the check.

aftabnaveed avatar Nov 18 '18 14:11 aftabnaveed

We had this issue, described here: https://github.com/composer/satis/issues/340

At this moment the issue is back, and it has nothing to do with TMPDIR.

boldhedgehog avatar Dec 04 '18 14:12 boldhedgehog

@Jamesking56 If you are on the master branch, try to add "rearchive": false to archive {} in satis.json

boldhedgehog avatar Dec 04 '18 16:12 boldhedgehog

Running into this as well. It's now blocking our developers.

Every time our satis server is pushed, redeployed, the checksums of packages are changing. I can replicate this locally by removing the dist/ directory, and re-running the build. Each re-run is building a new package with a different checksum.

@boldhedgehog The "rearchive" has no effect. The packages are deleted, to replicate our "rebuild" process on our remote server.

➜  public git:(master) ✗ rm -rf dist                                                                
➜  public git:(master) ✗ checksum dist/domain/commons/domain-commons-v0.1.0-f8a413.tar
16588113575eb0645dfe90b5ac14e6aefcfd114c79ea8ae298388107f7a0e3f5  dist/domain/commons/domain-commons-v0.1.0-f8a413.tar
➜  public git:(master) ✗ rm -rf dist
// Rerunning: satis build public/                                                              
➜  public git:(master) ✗ checksum dist/domain/commons/domain-commons-v0.1.0-f8a413.tar
dee3b137f639320fcb54e51caece9c9dcf95148ddef7605ca3b03e0c7361d120  dist/domain/commons/domain-commons-v0.1.0-f8a413.tar

guice avatar Jan 25 '19 18:01 guice

I'm building my Satis environment in a disposable environment (Docker). I managed to "fix" this by caching the dist between builds.

michielgerritsen avatar Apr 07 '19 11:04 michielgerritsen

@michielgerritsen how are you caching the dist folder?

aftabnaveed avatar Jun 03 '19 02:06 aftabnaveed

@aftabnaveed In my case i was using GitLab where i just did this:

  cache:
    paths:
      - public/dist

But if you are using Docker outside of GitLab you probably want to use something like this (docker run):

-v ~/dist:/var/run/dist

or this (docker compose):

services:
    container-name:
        volumes:
            - ~/dist:/var/run/dist

Disclaimer: I'm not a Docker expert, this may not be the best solution.

michielgerritsen avatar Jun 03 '19 17:06 michielgerritsen

I disabled archive.checksum in satis.json, this problem was gone.

https://getcomposer.org/doc/articles/handling-private-packages-with-satis.md#options-explained

g4li avatar Sep 03 '20 09:09 g4li

The checksum is updated everytime the dist is re-archived.

Within the zip or tar archive is a timestamp header with the creation date. This can be disabled when using the zip command directly, but isn't directly supported in the Satis/Composer implementation.

Alternatively you can run composer update mirrors to fix the checksums in the lock, however this might require the removal of the /vendor dir and composer.lock file.

kevindierkx avatar Sep 08 '20 14:09 kevindierkx