Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CI] Checksum mismatch for cadvisor in Install dependencies #32381

Closed
kasia-kujawa opened this issue Apr 15, 2024 · 3 comments · Fixed by #32390
Closed

[CI] Checksum mismatch for cadvisor in Install dependencies #32381

kasia-kujawa opened this issue Apr 15, 2024 · 3 comments · Fixed by #32390
Labels
ci-cd CI, CD, testing, build issues needs triage New item requiring triage

Comments

@kasia-kujawa
Copy link
Contributor

Component(s)

No response

Describe the issue you're reporting

Install dependencies fails with checksum mismatch for cadvisor, example failure: https://github.com/open-telemetry/opentelemetry-collector-contrib/actions/runs/8680678623/job/23801791610

verifying github.com/google/cadvisor@v0.49.1: checksum mismatch
	downloaded: h1:L9S9Pdb/uu1HA2PGmgBG4q/V3s9Ct3VWsLicarHVvfQ=
	go.sum:     h1:9M++63nWvdq6Oci6wUDuAfQNTZpuz1ZObln0Bhs9xN0=

SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

It looks like the issue is related to #32368, at least I'm able to reproduce this issue setting GOPROXY to https://goproxy.cncf.actuated.dev,direct
@kasia-kujawa kasia-kujawa added the needs triage New item requiring triage label Apr 15, 2024
@crobert-1 crobert-1 mentioned this issue Apr 15, 2024
Closed
@crobert-1 crobert-1 added the ci-cd CI, CD, testing, build issues label Apr 15, 2024
@atoulme
Copy link
Contributor

atoulme commented Apr 15, 2024

I see google/cadvisor#3508 caused this and created issues with proxies. We can revert cadvisor to 0.49.0 to fix the issue for now, as was done here: flightctl/flightctl#206

@crobert-1
Copy link
Member

The bump to 0.49.1 of cadvisor wasn't for any noteworthy purpose (no CVE fixes, major functionality introduced), so I have no problem with rolling back.

@crobert-1 crobert-1 mentioned this issue Apr 15, 2024
Merged
@codeboten
Copy link
Contributor

If this all happened 3 weeks ago.... i guess cache somewhere expired causing the problem only now?

codeboten pushed a commit that referenced this issue Apr 15, 2024
@crobert-1
[chore][deps update] Rollback cadvisor to v0.49.0 (#32390)
709e168 
cadvisor `v0.49.1` caused an issue with proxies as it has a different
hash than it originally had for the same release. Rolling back to
`v0.49.0` to resolve CI/CD failures until `v0.49.2` or a new release is
created.

Resolves
#32381
@github-actions github-actions bot mentioned this issue Apr 16, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ci-cd CI, CD, testing, build issues needs triage New item requiring triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[chore][deps update] Rollback cadvisor to v0.49.0 crobert-1/opentelemetry-collector-contrib
4 participants
@atoulme @codeboten @kasia-kujawa @crobert-1