rubygems.org: Mismatched checksums on a couple gems
From https://github.com/bundler/bundler/issues/5332
Since Bundler 1.14 started validating checksums, a couple of people have had failed builds caused by seemingly invalid checksums in the RubyGems DB.
| gem | rubygems says | shasum says |
|---|---|---|
| faraday_middleware | c56bb3661af1d5057e578d72d2f9e93ab52630b74ebe37ce1118c93a6ddff56b | ff2bdbb6bdd5b2293f8ce7cb93572318dd068506e12f987f04a65209a2bc69cb |
| azure-core | b04f7f994e3abc31003139a7ff8a682980c1d064a906a3290d5c369685bc478b | 68ebac6994412a775584478961747a215d0844737a8b9a91405a0ac77fe6c514 |
@chrismo ran a check on the 700 most popular gems and didn’t find any other instances, but that doesn’t mean they aren’t out there! It would be nice to know how these SHAs ended up this way.
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 19 (14 by maintainers)
Commits related to this issue
- Fix duplicate gem publishing via Travis CI Restrict gem publishing to the Ruby 2.4.0 + SSL matrix job. Per https://github.com/rubygems/rubygems.org/issues/1551#issuecomment-290924620 — committed to domcleal/faraday by domcleal 7 years ago
- Fix duplicate gem publishing via Travis CI (#680) Restrict gem publishing to the Ruby 2.4.0 + SSL matrix job. Per https://github.com/rubygems/rubygems.org/issues/1551#issuecomment-290924620 — committed to lostisland/faraday by domcleal 7 years ago
- ⚙️ Fix release process See https://github.com/rubygems/rubygems.org/issues/1551#issuecomment-290924620. Fixes #27 — committed to ninech/netbox-client-ruby by cimnine 6 years ago
- Avoid rubygems race condition with parallel pushes Earlier, all our Travis build jobs (one for each ruby version) used to attempt to push a tagged version to Rubygems. The idea here was that one of t... — committed to segmentio/analytics-ruby by rohitpaulk 6 years ago
- Auto merge of #1723 - sonalkr132:race-create, r=indirect Persist records before uploading to s3 When same gem version is pushed in parallel, upload to s3 is run for both the process. Process which c... — committed to rubygems/rubygems.org by bundlerbot 6 years ago
Thanks for your input @sonalkr132. The condition have been added and I’m re-publishing the gem, hopefully this time will be ok.
Thanks for reporting this @tiagoamaro, I released version 0.12.0 this morning and it had the same issue we had with
faraday_middleware. Last time I solved releasing again, @sonalkr132 do you need time to investigate or can I proceed releasing again?