wolfi-dev
gcc: Update to GCC 14.3.0
Update the current GCC to 14.3.0 (the latest release under the 14.x branch) so that we can unblock #54401.
This is part of the GCC 15 update process.
🔍 Build Failed: Checksum Verification Failed
Expected sha512 does not match found: cb4e3259640721bbd275c723fe4df53d12f9b1673afb3db274c22c6aa457865dccf2d6ea20b4fd4c591f6152e6d4b87516c402015900f06ce9d43af66d3b7a93
Build Details
| Category | Details |
|---|---|
| Build System | Wolfi Linux package build system (melange) |
| Failure Point | fetch verification of gcc-14.3.0.tar.xz |
Root Cause Analysis 🔍
The downloaded gcc-14.3.0.tar.xz file's SHA512 checksum doesn't match the expected value. This indicates either the source file was corrupted during download, the upstream file was changed without updating the checksum in the package definition, or there might be a typo in the expected checksum configuration.
🔍 Build failure fix suggestions
Found similar build failures that have been fixed in the past and analyzed them to suggest a fix:
Suggested Changes
File: gcc.yaml
- replace at line 51 (pipeline.fetch.expected-sha512) Original:
expected-sha512: 932bdef0cda94bacedf452ab17f103c0cb511ff2cec55e9112fc0328cbf1d803b42595728ea7b200e0a057c03e85626f937012e49a7515bc5dd256b2bf4bc396
Replacement:
expected-sha512: cb4e3259640721bbd275c723fe4df53d12f9b1673afb3db274c22c6aa457865dccf2d6ea20b4fd4c591f6152e6d4b87516c402015900f06ce9d43af66d3b7a93
Click to expand fix analysis
Analysis
The build failure is related to a SHA512 checksum mismatch when fetching gcc-14.3.0.tar.xz. The error message clearly indicates that the expected SHA512 hash (932bdef0cda94bacedf452ab17f103c0cb511ff2cec55e9112fc0328cbf1d803b42595728ea7b200e0a057c03e85626f937012e49a7515bc5dd256b2bf4bc396) does not match what was actually downloaded (cb4e3259640721bbd275c723fe4df53d12f9b1673afb3db274c22c6aa457865dccf2d6ea20b4fd4c591f6152e6d4b87516c402015900f06ce9d43af66d3b7a93). This is typically caused by either upstream changing the file without changing the version number, a typo in the expected checksum, or a corrupted download.
Click to expand fix explanation
Explanation
The error message clearly indicates a checksum mismatch between what was expected in the melange YAML file and what was actually downloaded. The solution is to update the expected SHA512 hash in the YAML file to match the actual hash of the downloaded file.
The existing hash (932bdef0cda94bacedf452ab17f103c0cb511ff2cec55e9112fc0328cbf1d803b42595728ea7b200e0a057c03e85626f937012e49a7515bc5dd256b2bf4bc396) was likely from a previous version of the file or was entered incorrectly.
Since the error message explicitly provides the correct SHA512 hash (cb4e3259640721bbd275c723fe4df53d12f9b1673afb3db274c22c6aa457865dccf2d6ea20b4fd4c591f6152e6d4b87516c402015900f06ce9d43af66d3b7a93) that was found for the downloaded file, we can confidently update the expected hash to this value.
After updating the checksum, the build should proceed successfully, as the verification step will now match the actual file that is being downloaded from the GCC mirror.
Click to expand alternative approaches
Alternative Approaches
- Verify the hash manually by downloading the file directly from the upstream source (https://ftpmirror.gnu.org/gnu/gcc/gcc-14.3.0/gcc-14.3.0.tar.xz) and calculating the SHA512 hash to confirm the correct value.
- Check the official GCC release announcement or download page to see if they provide the official checksums for verification.
- If there's doubt about the integrity of the file, try downloading from a different mirror (e.g., https://ftp.gnu.org/gnu/gcc/gcc-14.3.0/gcc-14.3.0.tar.xz instead of ftpmirror) and compare the checksums.
Was this comment helpful? Please use 👍 or 👎 reactions on this comment.
![octo-sts[bot] avatar](https://avatars.githubusercontent.com/in/801323?v=4 "Published by a pub.dev verified publisher"){kind=small}
surely fetch expected-sha512 needs updating.
Argh, you're right, doing too many things at one. Updated.