Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CLI: downloaded pseudo archive can be corrupt for install sssp #70

Open
sphuber opened this issue Apr 10, 2021 · 3 comments
Open

CLI: downloaded pseudo archive can be corrupt for install sssp #70

sphuber opened this issue Apr 10, 2021 · 3 comments
Labels
priority/nice to have topic/cli/install type/bug

Comments

@sphuber
Copy link
Contributor

sphuber commented Apr 10, 2021

Originally reported in #59 which was closed with just an addition to the docs how to circumvent the problem, but apparently it is possible that the download of the pseudo archive in aiida-pseudo install sssp finishes without an error but then the next unpacking step fails with the exception:

EOFError: compressed file ended before the end-of-stream marker was reached

This suggests that the archive was incomplete and in turn suggests that the download was never completed. However, this apparently didn't return an error as the download step was marked successful. This bug was encountered on a QM instance and I have not been able to reproduce it.
@zooks97
Copy link
Contributor

zooks97 commented Apr 12, 2021
edited
Loading

For this and for #65, I would be tempted to keep a small database of MD5 hashes of the files we use in the automatic installers. That way, we could check if the downloaded file is corrupted, has been changed on the server-side, or if the user has a conflicting (and incorrect) file for the --download-only flag.

edit: I see you already made this recommendation in #62, sorry for the duplication!

@sphuber
Copy link
Contributor Author

sphuber commented Apr 12, 2021

Implementing should be easy, the only problem that I see is that aiida-pseudo can become outdated. At least for the SSSP we sometimes release updated version of the archive that fix minor things that do not change the actual important parts (so pseudos and metadata stay the same) but the md5 of the archive can change nonetheless. In this case, the installer would break and we would be forced to release a new version. Together with dependency requirements of packages using aiida-pseudo this may become a mess. I thought of maybe adding an override flag for this case, which would skip the md5 check, but the question is if we then don't nullify the whole concept. So in short, I am not sure what is best

@ltalirz
Copy link
Member

ltalirz commented Dec 22, 2022
edited
Loading

I would say the canonical answer is that the MD5 hashes should not be stored by aiida-pseudo, but they should advertised together with an update of the SSSP archive.

I.e. wherever aiida-pseudo looks for downloading the archive, there should also be a place to look for the expected MD5 hash.

If previous versions of the SSSP records didn't have that - no problem; just include a list of MD5 hashes with the next update.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority/nice to have topic/cli/install type/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ltalirz @sphuber @zooks97