Difference between revisions of "Dealing with checksum mismatch"

From Openembedded.org
Jump to: navigation, search
(Undo revision 3298 by Yjytalamago (Talk))
Line 1: Line 1:
 +
{{Outdated}}
 +
 
It happens that incorrect checksums are being committed or that upstream changes tarballs without changing the filename.  In both cases, OE will bail out and complain about a mismatch in checksums (unless OE_ALLOW_INSECURE_DOWNLOADS is enabled).  Here are the steps a developer should take to resolve the issue safely.
 
It happens that incorrect checksums are being committed or that upstream changes tarballs without changing the filename.  In both cases, OE will bail out and complain about a mismatch in checksums (unless OE_ALLOW_INSECURE_DOWNLOADS is enabled).  Here are the steps a developer should take to resolve the issue safely.
  

Revision as of 16:28, 3 November 2012

NOTE: This page has been identified as having content that is significantly out-of-date, usually because it refers to OpenEmbedded-Classic - for new projects, you should use OpenEmbedded-Core.

See OpenEmbedded Wiki Update Project for more details.

It happens that incorrect checksums are being committed or that upstream changes tarballs without changing the filename. In both cases, OE will bail out and complain about a mismatch in checksums (unless OE_ALLOW_INSECURE_DOWNLOADS is enabled). Here are the steps a developer should take to resolve the issue safely.

  • Look through "mtn --diffs --no-merges log conf/checksums.ini| less" and find the person who committed the current md5sum.
  • Contact them and ask them to md5sum their copy again. Compare results if they still have the original tar file against which the original checksum was generated.

Then we have three possible scenarios.

  1. the original committer does not have the original file anymore or is unsure about its integrity. In that case, please write to openembedded-devel@lists.linuxtogo.org. Don't do anything further.
  2. the original committer generates the same md5sum as you, indicating an error in the original commit. In this case we can safely commit the update. Indicate in your commit message that yours and the other person's md5sum matched
  3. the numbers don't match. Then we need to consult upstream and ask if they changed the tarball. Sadly this is something that commonly happens. After confirmation from upstream we can update checksums.ini.