Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nodejs 15: ICU 68.1 tarball doesn't match provided md5sum #36776

Closed
sgallagher opened this issue Jan 4, 2021 · 2 comments
Closed

Nodejs 15: ICU 68.1 tarball doesn't match provided md5sum #36776

sgallagher opened this issue Jan 4, 2021 · 2 comments
Labels
icu Issues and PRs related to the ICU dependency.

Comments

@sgallagher
Copy link
Contributor

  • Version: 15.5.0
  • Platform: All (tarball contents)
  • Subsystem: Build

What steps will reproduce the bug?

Actual result: 6a99b541ea01f271257b121a4433c7c0 icu4c-68_1-src.tgz doesn't match fd03b2d916dcadd3711b4c4a100a1713

How often does it reproduce? Is there a required condition?

Reproduces successfully every time.

What is the expected behavior?

The md5sums need to match.

What do you see instead?

The md5sums differ, which means the tarball cannot be considered trusted.

Additional information

Someone needs to audit the ICU tarball and determine where the difference occurred.
@richardlau richardlau mentioned this issue Jan 4, 2021
Closed
4 tasks
@richardlau
Copy link
Member

Looks like it might be a copy/paste error. https://github.com/unicode-org/icu/releases/download/release-68-1/icu-68_1-src.md5 lists:

6a99b541ea01f271257b121a4433c7c0  icu4c-68_1-src.tgz
fd03b2d916dcadd3711b4c4a100a1713  icu4c-68_1-src.zip

so it looks like the hash is for the zip version of the source. I've raised #36777 to correct.

targos added a commit to targos/node that referenced this issue Jan 4, 2021
@targos
tools: correct MD5 of ICU 68.1 tarball
9d8ae11 
Fixes: nodejs#36776
@targos targos mentioned this issue Jan 4, 2021
Closed
@sgallagher
Copy link
Contributor Author

Thanks! I have a script I use to assist with updating Node.js in Fedora and it choked while trying to verify the ICU integrity.

@targos targos added the icu Issues and PRs related to the ICU dependency. label Jan 4, 2021
@Trott Trott closed this as completed in fcf6226 Jan 6, 2021
danielleadams pushed a commit that referenced this issue Jan 12, 2021
@richardlau @danielleadams
tools: fix md5 hash for ICU 68.1 src
1f2a198 
Correct md5sum hash for the tarball version of the ICU 68.1 source.
The previously recorded md5sum hash was for the zip version.

PR-URL: #36777
Fixes: #36776
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
targos pushed a commit that referenced this issue Mar 3, 2021
@richardlau @targos
tools: fix md5 hash for ICU 68.1 src
0d2752e 
Correct md5sum hash for the tarball version of the ICU 68.1 source.
The previously recorded md5sum hash was for the zip version.

PR-URL: #36777
Fixes: #36776
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
MylesBorins pushed a commit that referenced this issue Apr 6, 2021
@richardlau @MylesBorins
tools: fix md5 hash for ICU 68.1 src
77f32ee 
Correct md5sum hash for the tarball version of the ICU 68.1 source.
The previously recorded md5sum hash was for the zip version.

PR-URL: #36777
Fixes: #36776
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
icu Issues and PRs related to the ICU dependency.
Projects
None yet
Milestone
No milestone
3 participants
@sgallagher @targos @richardlau