Tarball SHA-512 divergences #1385
Replies: 4 comments
-
Topic at vcpkg project: microsoft/vcpkg#39413
-
This is a very annoying behavior of GitHub that I wish could be disabled. The correct source distribution files are named
-
I notice that I suggest to add a note to #1373, so that the participants of that issue are notified. ("This conversation has been locked and limited to collaborators.")
-
Hello!
I am suddenly seeing build problems on my end, where vcpkg complains that downloading libsodium fails because downloaded hash and expected hash mismatch.
vcpkg (commit 7a7ef70514c0f612847e668dfdb25a3fd8362053) is complaining that it expects https://github.com/jedisct1/libsodium/archive/1.0.19.tar.gz to have SHA-512
6094d7bf191ea3be85f2ddab76b71f1b9c69c786493db5b84d3c5d5a0237003377ddf6a8687a962ea651fe4a9369cf5ee1676ba0bae82690f5f7ef31a698efa9
but instead has
efeb4c0dc352993fc128974abb27e4be60521e85ce191c8c38a84168d4e7d7b1d2c26843250077dd21dadb13678bf56712375e74754eb02100b8cc418ebffb94
This is the file where vcpkg (at that revision) defines the SHA-512 expected for the downloaded file: https://github.com/microsoft/vcpkg/blob/7a7ef70514c0f612847e668dfdb25a3fd8362053/ports/libsodium/portfile.cmake
Manually downloading that file now (at least here) does indeed confirm, with openssl, the actual hash.
Did that file somehow recently change?
Also, downloading https://github.com/jedisct1/libsodium/releases/download/1.0.19-RELEASE/libsodium-1.0.19.tar.gz gives a different SHA-512 of
8e9b6d796f6330e00921ce37f1b43545966094250938626ae227deef5fd1279f2fc18b5cd55e23484732a27df4d919cf0d2f07b9c2f1aa0c0ef689e668b0d439
Are these two files, the "archive" one and the "releases" one, supposed to be the same?
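An added example, not part of the original posts: when a pinned SHA-512 stops matching, comparing the two tarballs file by file shows whether only the packaging changed or the shipped files did. The in-memory tarballs, the project name "demo" and the helpers `member_digests`, `compare` and `build_tgz` are constructed for illustration and are not libsodium's or vcpkg's files or code.

```python
import gzip, hashlib, io, tarfile

def member_digests(tgz: bytes) -> dict:
    """Map each regular file (top-level directory stripped) to the SHA-512 of its contents."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tgz), mode="r:gz") as tar:
        for m in tar:
            if m.isfile():
                rel = m.name.split("/", 1)[-1]  # archives wrap everything in one directory
                digests[rel] = hashlib.sha512(tar.extractfile(m).read()).hexdigest()
    return digests

def compare(a: bytes, b: bytes) -> dict:
    """Separate 'the tarball bytes differ' from 'the shipped files differ'."""
    da, db = member_digests(a), member_digests(b)
    return {
        "same_tarball_hash": hashlib.sha512(a).digest() == hashlib.sha512(b).digest(),
        "only_in_a": sorted(da.keys() - db.keys()),
        "only_in_b": sorted(db.keys() - da.keys()),
        "changed": sorted(k for k in da.keys() & db.keys() if da[k] != db[k]),
    }

def build_tgz(top: str, files: dict, mtime: int, level: int) -> bytes:
    """Constructed sample input: build a small .tar.gz in memory."""
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(f"{top}/{name}")
            info.size, info.mtime = len(data), mtime
            tar.addfile(info, io.BytesIO(data))
    return gzip.compress(raw.getvalue(), compresslevel=level, mtime=mtime)

# Constructed trees (hypothetical project "demo"), not real libsodium contents.
TREE = {"README": b"demo 1.0\n", "src/core.c": b"int core(void) { return 0; }\n"}
PINNED = build_tgz("demo-1.0", TREE, mtime=1, level=9)
REPACKED = build_tgz("demo-1.0", TREE, mtime=2, level=1)   # same files, new packaging
OTHER = build_tgz("demo-1.0-RELEASE",
                  {**TREE, "src/core.c": b"int core(void) { return 1; }\n", "configure": b"#!/bin/sh\n"},
                  mtime=1, level=9)

if __name__ == "__main__":
    print("pinned vs repacked:", compare(PINNED, REPACKED))
    print("pinned vs other:   ", compare(PINNED, OTHER))
```

An empty `only_in_a`, `only_in_b` and `changed` alongside a differing tarball hash means the archive was only repackaged; any entry in those lists is a content difference to review before updating the pinned hash.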