Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[package] boost/1.71.0: sha256 signature failed #26397

Closed
ebassi00 opened this issue Jan 16, 2025 · 4 comments
Closed

[package] boost/1.71.0: sha256 signature failed #26397

ebassi00 opened this issue Jan 16, 2025 · 4 comments
Labels
bug Something isn't working

Comments

@ebassi00
Copy link

Description

Hi everyone,
I'm trying to download boost/1.71.0 from my artifactory (only accessible via a private network which can't go outside the internet). I already have it in repo but, when I download it from conanfile (along with others packages ), I get SSL Certificate error (basically telling me it's trying to download the relative bzip2 package but can't access the URL where the package is because I can't go outside), which suggests that the uploaded version in my artifactory is somehow not compatible with this distribution.
Then i thought to manually download boost from conancenter (connecting to a free network that can go outside) but, as soon as I download it (successfully) and try again to install the other dependencies from my conanfile, it gives me sha256 signature failed error:
boost/1.71.0: Calling source() in /root/.conan2/p/boosta84c6dca88e65/s/src ERROR: boost/1.71.0: Error in source() method, line 845 get(self, **self.conan_data["sources"][self.version], ConanException: sha256 signature failed for 'boost_1_71_0.tar.bz2' file. Provided signature: d73a8da01e8bf8c7eda40b4c84915071a8c8a0df4a6734537ddde4a8580524ee Computed signature: 79e6d3f986444e5a80afbeccdaf2d1c1cf964baa8d766d20859d653a16c39848

Package and Environment Details

  • Package Name/Version: boost/1.71.0
  • Operating System+version: CentOS Stream 9
  • Compiler+version: GCC 11.5.0
  • Docker image: quay.io/centos/centos:stream9
  • Conan version: conan 2.3.2
  • Python version: Python 3.9.20

Conan profile

[settings]
arch=x86_64
build_type=Release
compiler=gcc
compiler.cppstd=gnu17
compiler.libcxx=libstdc++11
compiler.version=11
os=Linux

Steps to reproduce

conan download boost/1.71.0 -r conancenter
conan install . -b missing --ouptut-folder=build -r artifactory

Logs

Click to expand log 
boost/1.71.0: Sources downloaded from 'conancenter'
boost/1.71.0: Calling source() in /root/.conan2/p/boosta84c6dca88e65/s/src
ERROR: boost/1.71.0: Error in source() method, line 845
	get(self, **self.conan_data["sources"][self.version],
	ConanException: sha256 signature failed for 'boost_1_71_0.tar.bz2' file. 
 Provided signature: d73a8da01e8bf8c7eda40b4c84915071a8c8a0df4a6734537ddde4a8580524ee  
 Computed signature: 79e6d3f986444e5a80afbeccdaf2d1c1cf964baa8d766d20859d653a16c39848
@ebassi00 ebassi00 added the bug Something isn't working label Jan 16, 2025
@ebassi00 ebassi00 changed the title [package] <boost>/<1.71.0>: sha256 signature failed [package] boost/1.71.0: sha256 signature failed Jan 16, 2025
@jcar87
Copy link
Contributor

jcar87 commented Jan 16, 2025

Hi @ebassi00 - thank you for opening this issue

Could you paste the output of

cat $(conan cache path boost/1.71.0)/conandata.yml

to double check which URL is being accessed and whether there are mirrors configured? thanks

@ebassi00
Copy link
Author

ebassi00 commented Jan 16, 2025
edited
Loading

Hi @jcar87, thank you for the reply, that's the output for the given command:

`patches:
1.71.0:

  • patch_description: ''
    patch_file: patches/bcp_namespace_issues_1_71.patch
    patch_type: conan
  • patch_description: ''
    patch_file: patches/boost_build_qcc_fix_debug_build_parameter.patch
    patch_type: conan
  • patch_description: ''
    patch_file: patches/boost_core_qnx_cxx_provide___cxa_get_globals.patch
    patch_type: conan
  • patch_description: ''
    patch_file: patches/python_base_prefix.patch
    patch_type: conan
  • patch_description: ''
    patch_file: patches/solaris_pthread_data.patch
    patch_type: conan
  • patch_description: Fails the build when there is no iconv backend
    patch_file: patches/boost_locale_fail_on_missing_backend.patch
    patch_type: conan
  • patch_description: Fails the build when mpi is not configured
    patch_file: patches/boost_mpi_check.patch
    patch_type: conan
  • patch_description: This library links to boost_system, even though that library
    is header-only
    patch_file: patches/1.69.0-contract-no-system.patch
    patch_type: conan
  • patch_description: This library links to boost_system, even though that library
    is header-only
    patch_file: patches/1.69.0-locale-no-system.patch
    patch_type: conan
  • patch_description: This library links to boost_system, even though that library
    is header-only
    patch_file: patches/1.69.0-random-no-system.patch
    patch_type: conan
  • patch_description: This library links to boost_system, even though that library
    is header-only
    patch_file: patches/1.69.0-type_erasure-no-system.patch
    patch_type: conan
  • patch_description: Bump build_requires of 'b2' to '4.7.1' (was '4.5.0')
    patch_file: patches/1.75.0-boost_build-with-newer-b2.patch
    patch_type: conan
    sources:
    1.71.0:
    sha256: d73a8da01e8bf8c7eda40b4c84915071a8c8a0df4a6734537ddde4a8580524ee
    url: https://boostorg.jfrog.io/artifactory/main/release/1.71.0/source/boost_1_71_0.tar.bz2`

@jcar87
Copy link
Contributor

jcar87 commented Jan 16, 2025

Thanks !

The issue is that the sources at https://boostorg.jfrog.io are no longer there - the sha256 is because those URLs now respond with an error page (rather than say, a 404)

We have recently amended the sources #26314 but only for versions 1.79 and onwards - however, all versions since 1.72 have a second fallback URL that should be attempted if the first one fails

conan-center-index/recipes/boost/all/conandata.yml

Lines 72 to 79 in 861d3ab

"1.72.0":
url:
- "https://boostorg.jfrog.io/artifactory/main/release/1.72.0/source/boost_1_72_0.tar.bz2"
- "https://sourceforge.net/projects/boost/files/boost/1.72.0/boost_1_72_0.tar.bz2"
sha256: "59c9b274bc451cf91a9ba1dd2c7fdcaf5d60b1b3aa83f2c9fa143417cc660722"
"1.71.0":
url: "https://boostorg.jfrog.io/artifactory/main/release/1.71.0/source/boost_1_71_0.tar.bz2"
sha256: "d73a8da01e8bf8c7eda40b4c84915071a8c8a0df4a6734537ddde4a8580524ee"

unfortunately, it doesn't look like this fallback URL ever extended to 1.71 - which we consider too old.

You have a few options:

  • if you can edit the recipe locally, amend the conandata.yml to point to a valid and currently active mirror
  • use a newer version of boost
  • You may be able to use https://blog.conan.io/2023/10/03/backup-sources-feature.html - the Cnan client can be configured with a mirror that acts as a fallback if the primary URL fails - this way you can continue to use 1.71 without altering recipe content

If you do have your own Artifactory and you have a requirement of not accessing the external internet, I would strongly recommend setting up a source backups local to your artifactory, and configuring your Conan client to use that instead

@ebassi00
Copy link
Author

@jcar87 thank you a lot for your time, that should be it!

@uilianries uilianries mentioned this issue Jan 20, 2025
Open
@Sirse Sirse mentioned this issue Feb 6, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jcar87 @ebassi00