[Buildroot] linux-firmware hash mismatch (tar-1.30)
Peter Korsgaard
peter at korsgaard.com
Wed Jan 10 19:15:38 UTC 2018
>>>>> "John" == John Keeping <john at metanate.com> writes:
> Hi,
> I'm getting the following error cloning linux-firmware:
> ERROR: linux-firmware-17e6288135d4500f9fe60224dce2b46d850c346b.tar.gz has wrong sha256 hash:
> ERROR: expected: 28d359523a36c1cdc3e85a8e148bb2d68b036d28b10f0e80a192f3dc29f02c16
> ERROR: got : bf6fe8d7620949a3e771954cb6d9d18dcf000d37ecc910a7cf69723c1798e246
> ERROR: Incomplete download, or man-in-the-middle (MITM) attack
> After a bit of digging, it looks like this is caused by tar-1.30 which
> includes the following fix:
> * --numeric-owner now affects private headers too.
> Comparing the tarball created on my system with one from
> sources.buildroot.net gives the output like this, which shows that the
> uname/gname fields are set for a GNUTYPE_LONGNAME record in the version
> from sources.buildroot.net and not set in the version created with
> tar-1.30:
Gaah, what a mess :/
> I'm not sure whether anything can be done to avoid this problem, but
> hopefully reporting it will save the next person some debugging time.
I also don't quite see any good solutions either :/
Did you try bringing it up with tar upstream? Perhaps there is a way to
disable this? Alternatively we can build tar-1.29 for the host and use
that instead of whichever tar version is available on the build machine,
but this will slow down the build.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list