Support #13103
wt-4.11.0 checksum failed
Description
When wt-4.11.0 was released I packaged it for Gentoo, and as part of packaging a checksum of the tar.gz and the file length are saved to detect tampering.
Today, while installing Wt on a different machine, I got the following error:
!!! Fetched file: wt-4.11.0.tar.gz VERIFY FAILED!
!!! Reason: Filesize does not match recorded size
!!! Got: 10563042
!!! Expected: 10562160
Usually, the most likely issue is that the GitHub release was removed and created again with slightly different content and not a case of tampering and is not a security breach.
Could emweb confirm that the Wt-4.11.0 release on GitHub was re-created and is not a security issue?
Updated by Matthias Van Ceulebroeck about 1 month ago
- Status changed from New to Resolved
Hello David,
Yes, this is indeed the case. I apologize for the inconvenience. In the latest work with Websockets there was some missing code that resulted in compilation issues for standalone asio (as opposed to boost asio).
I updated the release to ensure that the release branch and tag would contain this additional commit. I believe there was a day (or perhaps two) in between the original release and this update, leading to the checksum being different.
But yes, you can rest assured this was a manual "error", and not a case of tampering.
Updated by Matthias Van Ceulebroeck about 1 month ago
- Tracker changed from Bug to Support
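An added example, not part of the ticket and not Portage's own code: a minimal check of a fetched file against a Gentoo Manifest-style DIST entry, size first and then digests, showing that a re-created release fails verification whether or not its length changes. The file name and contents are constructed sample data, and the helper names are hypothetical.

```python
import hashlib

# Hash names as they appear in Manifest DIST entries, mapped to hashlib.
HASHES = {"BLAKE2B": hashlib.blake2b, "SHA512": hashlib.sha512}

def parse_dist_line(line):
    """Parse 'DIST <name> <size> <ALGO> <hex> [<ALGO> <hex> ...]'."""
    fields = line.split()
    # 3 fixed fields plus one or more (algo, hex) pairs gives an odd count >= 5.
    if len(fields) < 5 or fields[0] != "DIST" or len(fields) % 2 == 0:
        raise ValueError("not a well-formed DIST entry")
    name, size = fields[1], int(fields[2])
    digests = dict(zip(fields[3::2], fields[4::2]))
    return name, size, digests

def verify(data, size, digests):
    """Return (ok, reason). The cheap size check runs before any hashing."""
    if len(data) != size:
        return False, ("Filesize does not match recorded size "
                       f"(got {len(data)}, expected {size})")
    checked = 0
    for algo, expected in digests.items():
        ctor = HASHES.get(algo)
        if ctor is None:
            continue  # unknown algorithm: ignore, but never pass on it alone
        if ctor(data).hexdigest() != expected.lower():
            return False, f"{algo} digest mismatch"
        checked += 1
    if checked == 0:
        return False, "no supported digest in entry"
    return True, "ok"

def make_dist_line(name, data):
    """What the packager records at packaging time (hypothetical helper)."""
    return "DIST {} {} BLAKE2B {} SHA512 {}".format(
        name, len(data),
        hashlib.blake2b(data).hexdigest(), hashlib.sha512(data).hexdigest())

# Constructed sample data standing in for the release tarball.
ORIGINAL = b"wt release contents v1\n"
RECREATED = ORIGINAL + b"extra commit\n"   # re-created, length changed
SAME_SIZE = b"wt release contents v2\n"    # re-created, same length

if __name__ == "__main__":
    _, size, digests = parse_dist_line(
        make_dist_line("example-1.0.tar.gz", ORIGINAL))
    for label, blob in [("original", ORIGINAL), ("recreated", RECREATED),
                        ("same-size", SAME_SIZE)]:
        print(label, verify(blob, size, digests))
```

A matching size alone proves nothing about the content; only the digest comparison catches the same-length case.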