Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make the release script more robust #9785

Closed
bwagner5 opened this issue Apr 14, 2022 · 5 comments
Closed

Make the release script more robust #9785

bwagner5 opened this issue Apr 14, 2022 · 5 comments

Comments

@bwagner5
Copy link

bwagner5 commented Apr 14, 2022

What version of Hugo are you using (hugo version)?

v0.97.0

Does this issue reproduce with the latest release?

Yes

When installing v0.97.0 w/ go install w/o the google go proxy, a checksum mismatch occurs.

$ go clean -modcache
$ GOPROXY=direct go install github.com/gohugoio/hugo@v0.97.0+extended
go: downloading github.com/gohugoio/hugo v0.97.0
go: github.com/gohugoio/hugo@v0.97.0+extended: github.com/gohugoio/hugo@v0.97.0: verifying module: checksum mismatch
	downloaded: h1:VkjBIIADmPnxhA9t4XhNuH2H/U8fg5u5G3dsvS3jBBk=
	sum.golang.org: h1:cKR421+00hzlh8H5ckmtkWAZbKjIT7hDPY7h/DXEQiI=

SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

@bep
Copy link
Member

bep commented Apr 14, 2022

This will fix itself with the next Hugo release. If you want it fixed sooner, you may want to talk to the maintainers of the gosum db that has the wrong version registered (admittengly due to me having to start over the release twice because of tech failures).

@bep
Copy link
Member

bep commented Apr 15, 2022

Since we don't have any "edit release notes step" in the release notes script anymore, we could probably delay the creating of the release on GitHub (with the tag) until after we have built all the binaries (which is where it failed in this scenario).

@bep bep added this to the v0.97.1 milestone Apr 15, 2022
@bep bep changed the title v0.97.0 Checksum Mismatch Make the release script more robust Apr 15, 2022
@bep bep modified the milestones: v0.97.1, v0.99.0 Apr 28, 2022
@bep bep modified the milestones: v0.99.0, v0.100.0 May 24, 2022
@bep bep modified the milestones: v0.100.0, v0.101.0 May 31, 2022
@bep bep modified the milestones: v0.101.0, v0.102.0 Jun 16, 2022
@bep bep modified the milestones: v0.102.0, v0.103.0 Aug 28, 2022
@bep bep modified the milestones: v0.103.0, v0.104.0 Sep 15, 2022
@bep bep modified the milestones: v0.104.0, v0.105.0 Sep 23, 2022
@bep bep modified the milestones: v0.105.0, v0.106.0 Oct 26, 2022
@bep bep modified the milestones: v0.106.0, v0.107.0 Nov 18, 2022
@bep bep removed this from the v0.107.0 milestone Dec 3, 2022
@silverwind
Copy link

FWIW, 0.81.0 also appears to be a similarily broken release:

go clean -modcache && GOPROXY=direct go run github.com/gohugoio/hugo@v0.81.0 --help
go: downloading github.com/gohugoio/hugo v0.81.0
go: github.com/gohugoio/hugo@v0.81.0: github.com/gohugoio/hugo@v0.81.0: verifying module: checksum mismatch

	downloaded: h1:zToI15wYh6oh4SRAaoy39XixwmiPB0DZDjsgu9szknY=
	sum.golang.org: h1:PX8TYe1nrWOOMBWtQ/YvKs6QRrOjC5/RrZGE4tBb6EE=

SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

@bep bep modified the milestones: v0.109.0, v0.111.0, v0.110.0 Jan 26, 2023
@bep bep modified the milestones: v0.111.0, v0.112.0 Feb 15, 2023
@bep bep modified the milestones: v0.112.0, v0.113.0 Apr 15, 2023
@bep bep modified the milestones: v0.113.0, v0.115.0 Jun 13, 2023
@bep bep modified the milestones: v0.115.0, v0.116.0 Jun 30, 2023
@bep bep modified the milestones: v0.116.0, v0.117.0 Aug 1, 2023
@bep bep modified the milestones: v0.117.0, v0.118.0 Aug 30, 2023
@bep bep modified the milestones: v0.118.0, v0.119.0 Sep 15, 2023
@bep bep modified the milestones: v0.119.0, v0.120.0 Oct 5, 2023
@bep bep modified the milestones: v0.120.0, v0.121.0 Oct 31, 2023
@jmooring
Copy link
Member

This seems to have been fixed, to the extent possible, with the move to https://github.com/gohugoio/hugoreleaser/.

Copy link

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 17, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

4 participants