djl-serving: fix sha256 mismatch #76668

Merged: 1 commit, May 20, 2021


@cho-m cho-m commented May 5, 2021

  • Have you followed the guidelines for contributing?
  • Have you checked that there aren't other open pull requests for the same formula update/change?
  • Have you built your formula locally with brew install --build-from-source <formula>, where <formula> is the name of the formula you're submitting?
  • Is your test running fine brew test <formula>, where <formula> is the name of the formula you're submitting?
  • Does your build pass brew audit --strict <formula> (after doing brew install <formula>)?

One of the failures seen in OpenJDK 16 CI run: #72535 (comment)

==> brew fetch --retry djl-serving
==> FAILED
==> Downloading https://djl-ai.s3.amazonaws.com/publish/djl-serving/serving-0.11.0.tar
Downloaded to: /Users/brew/Library/Caches/Homebrew/downloads/7c00f1d17b84e0dfaa8a3ba1461cf12eabc2f7d602d925606c5bacca8f302454--serving-0.11.0.tar
SHA256: a7bdd3397744e7cca57dc551cca9180ee88f5e630d31cef01a46cfb0dc73f666
==> Retrying download
==> Downloading https://djl-ai.s3.amazonaws.com/publish/djl-serving/serving-0.11.0.tar
Downloaded to: /Users/brew/Library/Caches/Homebrew/downloads/7c00f1d17b84e0dfaa8a3ba1461cf12eabc2f7d602d925606c5bacca8f302454--serving-0.11.0.tar
SHA256: a7bdd3397744e7cca57dc551cca9180ee88f5e630d31cef01a46cfb0dc73f666
Warning: Formula reports different sha256: 93dfd5e4efca5208918b016338209de37b96796af6dc584e269093c116f04030

Looking at the GitHub latest: https://github.com/deepjavalibrary/djl/releases/tag/v0.11.0
The same tag was updated on May 3rd, but this formula was added on March 24 - #73649
So, it may have been updated in-place.


https://search.maven.org/artifact/ai.djl/serving

Version   Updated
0.11.0    01-May-2021
0.10.0    23-Feb-2021
0.9.0     17-Dec-2020

@BrewTestBot added the labels "bottle unneeded" and "java" May 5, 2021
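Added example, not part of the PR or of Homebrew's code: a triage of the `brew fetch --retry` output quoted in the PR description, separating a digest that is wrong but identical on every retry (the served file differs from what the formula pinned) from one that varies between attempts. The function name and verdict labels are this example's own.

```python
import re
from collections import Counter

# Log excerpt from the PR description above ("Downloaded to:" lines omitted).
BREW_FETCH_LOG = """\
==> brew fetch --retry djl-serving
==> FAILED
==> Downloading https://djl-ai.s3.amazonaws.com/publish/djl-serving/serving-0.11.0.tar
SHA256: a7bdd3397744e7cca57dc551cca9180ee88f5e630d31cef01a46cfb0dc73f666
==> Retrying download
==> Downloading https://djl-ai.s3.amazonaws.com/publish/djl-serving/serving-0.11.0.tar
SHA256: a7bdd3397744e7cca57dc551cca9180ee88f5e630d31cef01a46cfb0dc73f666
Warning: Formula reports different sha256: 93dfd5e4efca5208918b016338209de37b96796af6dc584e269093c116f04030
"""

OBSERVED_RE = re.compile(r"^SHA256: ([0-9a-f]{64})$", re.M)
PINNED_RE = re.compile(
    r"^Warning: Formula reports different sha256: ([0-9a-f]{64})$", re.M)


def triage_fetch_log(log):
    """Classify a checksum failure; returns (verdict, pinned, observed_hashes)."""
    observed = OBSERVED_RE.findall(log)
    pinned_match = PINNED_RE.search(log)
    if pinned_match is None:
        return ("no-mismatch-reported", None, observed)
    pinned = pinned_match.group(1)
    if not observed:
        return ("mismatch-without-observed-hash", pinned, observed)
    distinct = Counter(observed)
    if len(distinct) > 1:
        # Digests differ between attempts: truncated or corrupted transfer,
        # or a mirror serving inconsistent content. Re-fetch before judging.
        return ("unstable-download-retry", pinned, observed)
    if len(observed) >= 2:
        # Every retry gave the same digest and it is not the pinned one: the
        # bytes at the URL changed. Do not re-pin until upstream explains why.
        return ("stable-mismatch-verify-upstream", pinned, observed)
    return ("single-sample-refetch", pinned, observed)


if __name__ == "__main__":
    verdict, pinned, observed = triage_fetch_log(BREW_FETCH_LOG)
    print(verdict, "pinned:", pinned[:12], "observed:", sorted(set(observed))[0][:12])
```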
@SMillerDev
Member

We'll need to know why they retagged and if it wasn't malicious. Please make an issue upstream.

@cho-m
Member Author

cho-m commented May 5, 2021

Pending on upstream to comment in deepjavalibrary/djl#941

@cho-m
Member Author

cho-m commented May 5, 2021

@SMillerDev according to deepjavalibrary/djl#941 (comment) (quoted below), the previous tar was from a snapshot and ended up being updated in-place with 0.11.0 release.

Yes this is a bug:

  1. When we publish djl-serving brew package, it was based on 0.11.0-SNAPSHOT on March 23
  2. On May, we updated djl-serving binary to 0.11.0 release version, but we didn't update brew package

What we can do is release a version 0.11.0-post1 in brew to address this issue.

I will probably wait for any last comments on whether they want to upload a new file or not.

@cho-m cho-m mentioned this pull request May 7, 2021
@aksrajvanshi
Contributor

@SMillerDev according to deepjavalibrary/djl#941 (comment) (quoted below), the previous tar was from a snapshot and ended up being updated in-place with 0.11.0 release.

Yes this is a bug:

  1. When we publish djl-serving brew package, it was based on 0.11.0-SNAPSHOT on March 23
  2. On May, we updated djl-serving binary to 0.11.0 release version, but we didn't update brew package

What we can do is release a version 0.11.0-post1 in brew to address this issue.

I will probably wait for any last comments on whether they want to upload a new file or not.

Can we update the hash of the file without releasing the new version? Like it's been done in the commit, it can go as a revision?

@cho-m
Member Author

cho-m commented May 12, 2021

Can we update the hash of the file without releasing the new version? Like it's been done in the commit, it can go as a revision?

Yes.
Once we confirm everything is okay with upstream tarball, merging this PR with the revision 1 will send an update to all Homebrew users who have installed the Formula.

@aksrajvanshi
Contributor

aksrajvanshi commented May 12, 2021

Can we update the hash of the file without releasing the new version? Like it's been done in the commit, it can go as a revision?

Yes.
Once we confirm everything is okay with upstream tarball, merging this PR with the revision 1 will send an update to all Homebrew users who have installed the Formula.

I see! I'm one of the contributors and the one who added the djl-serving homebrew package. The upstream tarball is alright now. We can merge this PR with the new sha hash and the new revision. Let me know if we can help in any way.

@cho-m cho-m requested a review from SMillerDev May 13, 2021 17:14
@carlocab carlocab merged commit 484901b into Homebrew:master May 20, 2021
@cho-m cho-m deleted the fix-djl-serving-sha256 branch May 20, 2021 01:44