Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The checksum verification of the file failed #22

Closed
btantlinger opened this issue Oct 26, 2021 · 6 comments
Closed

The checksum verification of the file failed #22

btantlinger opened this issue Oct 26, 2021 · 6 comments

Comments

@btantlinger
Copy link

I'm trying to deploy to magento cloud, but it's failing on this extension because the checksum does not match.

      W:   - Installing dotmailer/dotmailer-magento2-extension-enterprise (1.0.7): Downloading (100%)
      W:                                                                                                                                                                                                   
      W:   [UnexpectedValueException]                                                                                                                                                                      
      W:   The checksum verification of the file failed (downloaded from https://api.github.com/repos/dotmailer/dotmailer-magento2-extension-enterprise/zipball/fa97aca289a0f2e38f8dc608700a2237b5d18acd)  
      W:                                                                                                                                                                                                   
      W:

Checksum in my composer.lock file: e60a4e91f0f708f9ec029ac505a9aab47940d401
Actual checksum I get when running shasum: 2fdf6f98a029b4d246116a9dd007ed1727dab042

Why do they not match? Seems odd and/or suspicious.
@sta1r
Copy link
Contributor

sta1r commented Oct 27, 2021

Hi @btantlinger please can you confirm the Magento version you are using? I'm assuming you are just trying to install the 1.0.7 of dotmailer/dotmailer-magento2-extension-enterprise that comes bundled with Magento.

@sta1r
Copy link
Contributor

sta1r commented Oct 27, 2021

My theory is that you are installing anything between Magento 2.3.5 and 2.3.7-p2. All of these versions (when freshly cloned) should have a section in composer.lock matching:

            "name": "dotmailer/dotmailer-magento2-extension-enterprise",
            "version": "1.0.7",
            "dist": {
                "type": "zip",
                "url": "https://repo.magento.com/archives/dotmailer/dotmailer-magento2-extension-enterprise/dotmailer-dotmailer-magento2-extension-enterprise-1.0.7.0.zip",
                "shasum": "e60a4e91f0f708f9ec029ac505a9aab47940d401"
            },

Your install is attempting to match a checksum on https://api.github.com/repos/ instead of https://repo.magento.com/archives/ - possibly because your composer.json is configured to scan packagist.org for available packages as well as repo.magento.com.

Note that we have a 1.0.7 tag on Packagist here: https://packagist.org/packages/dotmailer/dotmailer-magento2-extension-enterprise#1.0.7

You could try to update your dotmailer/dotmailer-magento2-extension-enterprise version using:

composer require dotmailer/dotmailer-magento2-extension-enterprise:"1.6.0 as 1.0.7"

@btantlinger
Copy link
Author

btantlinger commented Oct 27, 2021
edited
Loading

Thanks for the explanation. You are correct, it's installed on version 2.3.5.

My composer.lock file section for the module looks like this:

      "name": "dotmailer/dotmailer-magento2-extension-enterprise",
            "version": "1.0.7",
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/dotmailer/dotmailer-magento2-extension-enterprise/zipball/fa97aca289a0f2e38f8dc608700a2237b5d18acd",
                "reference": "fa97aca289a0f2e38f8dc608700a2237b5d18acd",
                "shasum": "e60a4e91f0f708f9ec029ac505a9aab47940d401"
            }

So you're correct, it's picking up the github version rather than the repo.magento.com version. Not sure I understand why. Interestingly the other dotdigital modules are using the repo.magento.com url.

@btantlinger
Copy link
Author

btantlinger commented Oct 27, 2021
edited
Loading

Also, I wonder why the checksum would be different between the github version and the repo.magento.com version? Why would that even matter? Shouldn't they be the same package and have the same shasum?

@sta1r
Copy link
Contributor

sta1r commented Oct 28, 2021

I believe based on this open Composer issue that different archives i.e. repo.magento.com and api.github.com, can have different hashes.

It might be best if we continue the investigation via the ticket you have open with our support team. Then, if we can figure this all out, we can document it here for others' benefit.

Ref #21.

@sta1r
Copy link
Contributor

sta1r commented Nov 5, 2021

To summarise for the benefit of others having the same issue.

We think the problem arises from Composer finding two packages of the same version available on both repo.magento.com and api.github.com, but getting confused and using the url of one with the shasum of the other. Currently we don't know why this happens, but merchants have seen it happen with versions 1.0.4 and 1.0.7 of this module.

The advised solution is to use a newer version of this module, which will bypass any confusion Composer is having. The way to do this is for example:

composer require dotmailer/dotmailer-magento2-extension-enterprise:"1.7.0 as 1.0.7"

I'd be happy to re-open this if any new intel comes to light.

@sta1r sta1r closed this as completed Nov 5, 2021
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sta1r @btantlinger