Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

binutils corrupted download? #1207

Open
sth0 opened this issue Jan 2, 2025 · 12 comments
Open

binutils corrupted download? #1207

sth0 opened this issue Jan 2, 2025 · 12 comments

Comments

@sth0
Copy link
Contributor

sth0 commented Jan 2, 2025

In bootstrapping on MacOS 15, I get a problem during download of binutils not matching the hash. If I then select the gnu download it all works. Seems that the version on fink-mirrors needs updating to match the version in the gnu mirror so that the hash is satisfied?
It is all binutils version 2.36.1 so the hashes should be correct.

The latest release is 2.43.0. Since it is such a basic part of fink bootstrap, I am hesitant to update it due to unintended consequences and I don't have the facilities for testing over the whole 10.9->15.2 range.

Should this issue be in fink-mirrors? The seems to be somewhat quiet over the last decade.

curl --connect-timeout 30 -f -L -A 'fink/0.45.99.git' -O http://distfiles.master.finkmirrors.net/distfiles/binutils-2.36.1.tar.xz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   281  100   281    0     0   1413      0 --:--:-- --:--:-- --:--:--  1412
100 21736  100 21736    0     0  32097      0 --:--:-- --:--:-- --:--:-- 32097
The SHA256 checksum of the file is incorrect. The most likely cause for this is a corrupted or incomplete download
Expected: e81d9edf373f193af428a0f256674aea62a9d74dfe93f65192d4eae030b0f3b0
Actual: MD5(d94aeba2d91eeaf40e114f2a01bd7202)
        SHA1(4fcc9aff145cb80dd7f45ea53f64d65badf075a3)
        SHA256(7ada2474871de70d4d7b65f57e60551fd290fc7db0f4961aebf0cdfb4a75d5ac)
Downloading the file "binutils-2.36.1.tar.xz" failed.
@dhomeier
Copy link
Contributor

dhomeier commented Jan 2, 2025

Actual: MD5(d94aeba2d91eeaf40e114f2a01bd7202)
SHA1(4fcc9aff145cb80dd7f45ea53f64d65badf075a3)
SHA256(7ada2474871de70d4d7b65f57e60551fd290fc7db0f4961aebf0cdfb4a75d5ac)

Manually downloading the file with that checksum (redirected to https://distfiles.master.finkmirrors.net/distfiles/binutils-2.36.1.tar.xz) I am not getting the source archive at all, but a HTML page of "Freeware and shareware download" Copyright 2023 Download-By.net, so this looks like some download error has propagated to all the Fink mirrors.
The source at https://sourceware.org/pub/binutils/releases/ still has the original hash, so someone or something probably needs to trigger a re-sync from the Fink master and mirrors (if any of the mirrors even still exist).

@sth0
Copy link
Contributor Author

sth0 commented Jan 2, 2025

That makes sense. But if that original source was a fall back as listed in the .info file then it should have iterated and tried it? Right? So if the Source: field was set to https://sourceware.org/pub/binutils/releases/ it would try the fink mirror first and then the original?

I am rebuilding fink and getting a lot of missing bad downloads which I am copying over from a previous installation but that is probably not the best solution.

For example:
gtk+2.0_2.18.7-1.diff.gz
xfontpath-0.4.tar.gz

@nieder
Copy link
Member

nieder commented Jan 3, 2025

I've upoaded a good binutils tarball to https://sourceforge.net/projects/fink/files/miscellaneous/bootstrap/ like we normally do for files needed for bootstrapping (objtools package). I'll edit the packages that use that file to also look in our SF space besides the GNU ftp site (which also does have the correct file). The only bad file currently exists in finkmirrors (I don't know how to go about deleting a bad tarball from there). Nevertheless, during the download stage, it is possible to make FInk try upstream or a mirror first (and is settable by running fink configure) if a download attempt fails.

@dmacks
Copy link
Member

dmacks commented Jan 3, 2025

I'm not surprised that a lot of downloads from original-source sites are failing for x11 and gnome things, since we have a lot of fairly old versions of packages in those genres. That's one reason we have our own mirrors (though I'm surprised that x11 and gnome don't keep their files forever, given some of the licensing). If our own mirrors are now failing to supply the correct file, that's a different problem.

@nieder can we jump to a newer binutils upstream? In the past, we've had some of our mirrors get frozen with the wrong file, so jumping to a new file (rather than a replacement of an existing file) solved that.

@nieder
Copy link
Member

nieder commented Jan 3, 2025

/me doesn't use any of the binutil packages and can't coment about updating. objtools from bootstrapping uses the binutils tarball, but I don't know how specific we must be to the current %v. @TheSin-
I just pushed CustomMirror updates to all the affected .info hoping that might trigger the finkmirrors script to try and refetch.

@sth0
Copy link
Contributor Author

sth0 commented Jan 3, 2025

Does the mirror updating check the hash before replacing a tarball from the source URL? Otherwise as the links break it will break existing tarballs.

It seems that binutils is only used during a bootstrap process? The info files seem to point to platform specific installers. Are there any dependencies on binutils after bootstrap?

@nieder
Copy link
Member

nieder commented Jan 4, 2025

I don't know if the mirroring script checks an existing tarball for a matching hash, or if it just checks for the presence of a tarball matching the expected name.

binutils is used during bootstrapping as 'objtools' (because it's just a subset). As non-bootstrap packages, all the $ARCH-$PLATFORM-binutils packages were set up by @kamischi . I'm not sure as to why they were set up (but guessing it was a local personal need).

@kamischi
Copy link
Contributor

kamischi commented Jan 4, 2025

binutils is used during bootstrapping as 'objtools' (because it's just a subset). As non-bootstrap packages, all the $ARCH-$PLATFORM-binutils packages were set up by @kamischi . I'm not sure as to why they were set up (but guessing it was a local personal need).

I used them as a basis for FreePascal cross compilers and there should be no problem with updating. To be honest, I sort of stopped maintaining packages, since my current laptop is arm-based.

@sth0
Copy link
Contributor Author

sth0 commented Jan 6, 2025

  1. Fink seems to be working well with arm based systems these days.

  2. In addition https://ftp.gnome.org/mirror/archive/ftp.sunet.se/pub/mac/fink/gtk+2.0_2.18.7-1.diff.gz has the same corruption for a moved source. And replaced by a html/text file. It is Source2 in the gtk+2 package.

@TheSin-
Copy link
Member

TheSin- commented Jan 6, 2025

busy time of year but I'll see if I can figure it out, you'd think the downloader would do an sum check on it, but it was written by someone else ages ago. So maybe it only know md5 so anything with an shasum it just assumes it's gtg? Likely need to spend time looking at the scripts which I have not done. but I'm pretty sure I know how to reset it to download it again, though I'm sure the result will be the same as it'll try to first mirror.

@sth0
Copy link
Contributor Author

sth0 commented Jan 6, 2025

I am running fink on a bunch of systems so I can grab a missing source from there. Should the dot-info package be updated to find a better reference? I can't find one for the missing gtk+2 file. binutils has some better sources but not at the mirror listed in the dot-info file.

@commandcontrolQ
Copy link

For those who are looking for a copy of gtk+2.0_2.18.7-1.diff.gz that does not lead to a hash mismatch, I have found one from the Debian Launchpad site:

Overview (including .dsc and .orig.tar.gz):
https://answers.launchpad.net/debian/+source:gtk+2.0/2.18.7-1

Direct link:
https://launchpadlibrarian.net/39395619/gtk+2.0_2.18.7-1.diff.gz

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

7 participants