Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

verifying github.com/nats-io/nats.go@v1.33.0: checksum mismatch #1561

Closed
idc77 opened this issue Feb 19, 2024 · 4 comments
Closed

verifying github.com/nats-io/nats.go@v1.33.0: checksum mismatch #1561

idc77 opened this issue Feb 19, 2024 · 4 comments
Labels
defect Suspected defect such as a bug or regression

Comments

@idc77
Copy link

idc77 commented Feb 19, 2024

Observed behavior

On archlinux, trying to build natscli

==> Starting build()...
go: downloading github.com/gosuri/uiprogress v0.0.1
go: downloading github.com/antonmedv/expr v1.15.5
go: downloading github.com/nats-io/jsm.go v0.1.1-0.20240207100149-2665d2ce5928
go: downloading github.com/nats-io/nats-server/v2 v2.10.11
go: downloading github.com/nats-io/nats.go v1.33.0
go: downloading github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d
go: downloading github.com/rivo/uniseg v0.4.7
go: downloading github.com/gosuri/uilive v0.0.4
verifying github.com/nats-io/nats.go@v1.33.0: checksum mismatch
	downloaded: h1:TCq0VFVAfLg2L1pE1wUgSiNVFj1tURguFcabgw63sxE=
	go.sum:     h1:rRg0l2F29B30n6EPl0j50hl8eYp7rA2ecoJ74E62US8=

SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.
==> ERROR: A failure occurred in build().
    Aborting...
 -> error making: natscli-exit status 4
 -> Failed to install the following packages. Manual intervention is required:
natscli - exit status 4

this is the 2nd day this is happening.
it's not the AUR biuld system.
it's something else.
I encountered this error before in the mongodb go client.
It took a few weeks to sort out.
Something about the cached version of GOPROXY and the actual version.

Expected behavior

The build not failing.

Server and client version

nats cli 0.1.3

Host environment

  fastfetch 
                  -`                     user@dev
                 .o+`                    ---------
                `ooo/                    OS: Arch Linux x86_64
               `+oooo:                   Host: Server
              `+oooooo:                  Kernel: 6.7.4-arch1-1
              -+oooooo+:                 Uptime: 1 hour, 30 mins
            `/:-:++oooo+:                Packages: 2899 (pacman), 4 (brew)
           `/++++/+++++++:               Shell: zsh 5.9
          `/++++++++++++++:              Display (BenQ PD3200U): 3840x2160 @ 60Hz
         `/+++ooooooooooooo/`            DE: Cinnamon 6.0.4
        ./ooosssso++osssssso+`           WM: Muffin (X11)
       .oossssso-````/ossssss+`          WM Theme: cinnamon (Adwaita)
      -osssssso.      :ssssssso.         Theme: Adwaita [GTK2/3/4]
     :osssssss/        osssso+++.        Icons: gnome [GTK2/3/4]
    /ossssssss/        +ssssooo/-        Font: Sans (12pt) [GTK2/3/4]
  `/ossssso+/:-        -:/+osssso+-      Cursor: Adwaita (38px)
 `+sso+:-`                 `.-/+oso:     Terminal: GNOME Terminal 3.50.1
`++:.                           `-/+/    Terminal Font: DejaVu Sans Mono (15pt)
.`                                 `/    CPU: Intel(R) Core(TM) i9-14900K (32) @ 5.70 GHz
                                         GPU: NVIDIA GeForce RTX 4070
                                         Memory: 5.63 GiB / 125.41 GiB (4%)
                                         Swap: Disabled
                                         Disk (/): 838.38 GiB / 3.64 TiB (23%) - xfs
                                         Locale: en_US.UTF-8

SCNR
most if not all of this information is irrelevant, but you asked

I have GOPROXY set to private, but this shouldn't influence this build.

Steps to reproduce

Try building nats cli v0.1.3 the way this script does
https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=natscli
@idc77 idc77 added the defect Suspected defect such as a bug or regression label Feb 19, 2024
@piotrpio
Copy link
Collaborator

Hello @idc77 - this issue was caused by accidental re-release of a tag causing go registry to re-upload the module with different checksum - we created a patch release fixing the issue. Sorry for the trouble.

@idc77
Copy link
Author

idc77 commented Mar 1, 2024

Thank you. I forwarded it to the package maintainer to bump the version to v1.33.1

@1995parham
Copy link

@idc77 @piotrpio I am the AUR package maintainer, for the natscli AUR package I am using the 0.1.3 release source code in which nats.go pined to v1.33.0, do you have any suggestion for fixing this? Can you release a patch over natscli?

@idc77 idc77 mentioned this issue Mar 7, 2024
Open
@idc77
Copy link
Author

idc77 commented Mar 7, 2024

My bad was creating this issue in the wrong repo
please see the new issue:
nats-io/natscli#1005

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
defect Suspected defect such as a bug or regression
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@1995parham @piotrpio @idc77