GNU bug report logs - #36363
let's encrypt hash mismatch

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Reported by: Julien Lepiller <julien@HIDDEN>; dated Mon, 24 Jun 2019 17:24:02 UTC; Maintainer for guix is bug-guix@HIDDEN.

Message received at 36363 <at> debbugs.gnu.org:


Received: (at 36363) by debbugs.gnu.org; 24 Jun 2019 20:09:39 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jun 24 16:09:39 2019
Received: from localhost ([127.0.0.1]:58077 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1hfVHX-0000zv-4T
	for submit <at> debbugs.gnu.org; Mon, 24 Jun 2019 16:09:39 -0400
Received: from eggs.gnu.org ([209.51.188.92]:51921)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1hfVHS-0000zh-Ve
 for 36363 <at> debbugs.gnu.org; Mon, 24 Jun 2019 16:09:35 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:43351)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1hfVHM-0002fa-F0; Mon, 24 Jun 2019 16:09:28 -0400
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=43808 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1hfVHK-0007Of-0c; Mon, 24 Jun 2019 16:09:27 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Julien Lepiller <julien@HIDDEN>
Subject: Re: bug#36363: let's encrypt hash mismatch
References: <20190624192302.0eccdd72@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 6 Messidor an 227 de la =?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Mon, 24 Jun 2019 22:09:23 +0200
In-Reply-To: <20190624192302.0eccdd72@HIDDEN> (Julien
 Lepiller's message of "Mon, 24 Jun 2019 19:23:02 +0200")
Message-ID: <874l4e4ufg.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 36363
Cc: 36363 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi Julien,

Julien Lepiller <julien@HIDDEN> skribis:

>  expected hash: 0zhd1ps7sz4w1x52xk3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y
>  actual hash:   0zycy85ff9ga53z1q03df89ka9iihb9p8bjhw056rq2y4rn3b6ac
>  hash mismatch for store item
>  '/gnu/store/1drx7dy1zakc0xs60nb0im1jbvxp11dj-isrgrootx1.pem' build

I believe you=E2=80=99d be fine if substitutes were enabled, but they=E2=80=
=99re not.

In the meantime, you can fetch those files with something like:

  wget -O /tmp/isrgrootx1.pem \
    http://berlin.guix.gnu.org/file/isrgrootx1.pem/sha256/0zhd1ps7sz4w1x52x=
k3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y
  guix download file:///tmp/isrgrootx1.pem

But yeah, like Tobias writes, it=E2=80=99s a bit of a problem.  Should we m=
irror
them somewhere?  Does Let=E2=80=99s Encrypt have them under a versioned URL
elsewhere?

HTH,
Ludo=E2=80=99.




Information forwarded to bug-guix@HIDDEN:
bug#36363; Package guix. Full text available.

Message received at 36363 <at> debbugs.gnu.org:


Received: (at 36363) by debbugs.gnu.org; 24 Jun 2019 18:44:20 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jun 24 14:44:20 2019
Received: from localhost ([127.0.0.1]:57962 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1hfTwy-0001z4-0C
	for submit <at> debbugs.gnu.org; Mon, 24 Jun 2019 14:44:20 -0400
Received: from tobias.gr ([80.241.217.52]:37950)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1hfTwv-0001yq-ME
 for 36363 <at> debbugs.gnu.org; Mon, 24 Jun 2019 14:44:18 -0400
Received: by tobias.gr (OpenSMTPD) with ESMTP id 7dadd4f1;
 Mon, 24 Jun 2019 18:44:09 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=tobias.gr; h=from:to:cc
 :subject:references:in-reply-to:date:message-id:mime-version
 :content-type; s=2018; i=me@HIDDEN; bh=vIeb8ZsXjt8hjA2FqVPjdu
 qmsBJxjaayyrJJDIeEqNM=; b=kqKi3CIDgteJjkQpivPxNxQ5NQFKaQ7QKtAMDR
 JYYGZ22wThAJAwHfSeNOfEpXLm1AifTomArQCuz8kArsRTE8k9BRTc4vAnqj3Fzi
 xsqcn3fpkpw8pI+3ZlQPHIFyVxs6grtWkNLby7vZs8X5v02LPPalDdVvh2TjJBTE
 ldoA9o2/QNNFr81RXzmn5Ej/fuVeSkaC2F7fpJPVnPfRRHDo96Kr1jfMEfIH9OHn
 svD3YvQ3NNBNuWaFUOgC1n1BtYVXu86ghylyMlDoStNcbjTUWu2m9w8ZBQSFW/9A
 /4GjaoqaRuXfiDil3Iq9k3Nnum1M9BiZ239JSO9kUTMuNHeQ==
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 767b6289
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); 
 Mon, 24 Jun 2019 18:44:08 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
To: julien lepiller <roptat@HIDDEN>
Subject: Re: bug#36363: let's encrypt hash mismatch
References: <20190624192302.0eccdd72@HIDDEN>
In-reply-to: <20190624192302.0eccdd72@HIDDEN>
Date: Mon, 24 Jun 2019 20:44:07 +0200
Message-ID: <87pnn2su14.fsf@nckx>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 36363
Cc: 36363 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

--=-=-=
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Julien,

Julien Lepiller wrote:
> trying to run guix pull on the overdrive at my place to try and=20
> fix a
> bug in openssh which doesn't start at boot, I get this error=20
> message:

[=E2=80=A6]

>  letsencryptauthorityx3.pem  2KiB     385KiB/s 00:00
>  [##################] 100.0% sha256 hash mismatch
>  for /gnu/store/1drx7dy1zakc0xs60nb0im1jbvxp11dj-isrgrootx1.pem:
>  expected hash:=20
>  0zhd1ps7sz4w1x52xk3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y
>  actual hash:=20
>  0zycy85ff9ga53z1q03df89ka9iihb9p8bjhw056rq2y4rn3b6ac

This will keep happening until we find(/create) a versioned URL=20
for these files.  Let's Encrypt like to change them in place.

The last time this happened they'd added CR/LF line endings for no=20
reason at all, but this time I don't have the old version around=20
anymore=E2=80=A6

Kind regards,

T G-R

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQT12iAyS4c9C3o4dnINsP+IT1VteQUCXREZ9wAKCRANsP+IT1Vt
eb68AP9kHVa3N5XK+oVT5VWBbR0tESbh6hwE8xU+FpY/C0xi7QD+M1IwdZwag8Zz
oQCHuZx4oKQuhwfOUDuhJCPvOxu5RA0=
=hqxO
-----END PGP SIGNATURE-----
--=-=-=--




Information forwarded to bug-guix@HIDDEN:
bug#36363; Package guix. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 24 Jun 2019 17:23:30 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jun 24 13:23:29 2019
Received: from localhost ([127.0.0.1]:57890 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1hfSgj-0006AM-KC
	for submit <at> debbugs.gnu.org; Mon, 24 Jun 2019 13:23:29 -0400
Received: from lists.gnu.org ([209.51.188.17]:44065)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <julien@HIDDEN>) id 1hfSgg-0006AC-PX
 for submit <at> debbugs.gnu.org; Mon, 24 Jun 2019 13:23:27 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:44616)
 by lists.gnu.org with esmtp (Exim 4.86_2)
 (envelope-from <julien@HIDDEN>) id 1hfSgf-0003VZ-ER
 for bug-guix@HIDDEN; Mon, 24 Jun 2019 13:23:26 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED
 autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <julien@HIDDEN>) id 1hfSge-0003X6-4f
 for bug-guix@HIDDEN; Mon, 24 Jun 2019 13:23:25 -0400
Received: from lepiller.eu ([2a00:5884:8208::1]:52646)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <julien@HIDDEN>) id 1hfSgd-0003JP-Qd
 for bug-guix@HIDDEN; Mon, 24 Jun 2019 13:23:24 -0400
Received: from tachikoma.lepiller.eu (89-92-10-229.hfc.dyn.abo.bbox.fr
 [89.92.10.229]) by lepiller.eu (OpenSMTPD) with ESMTPSA id bd913a00
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for <bug-guix@HIDDEN>;
 Mon, 24 Jun 2019 17:23:13 +0000 (UTC)
Date: Mon, 24 Jun 2019 19:23:02 +0200
From: Julien Lepiller <julien@HIDDEN>
To: bug-guix@HIDDEN
Subject: let's encrypt hash mismatch
Message-ID: <20190624192302.0eccdd72@HIDDEN>
X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-unknown-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 2a00:5884:8208::1
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi!

trying to run guix pull on the overdrive at my place to try and fix a
bug in openssh which doesn't start at boot, I get this error message:

building /gnu/store/qvrwd6v9jy50j121f963v7rps8fc8qsa-isrgrootx1.pem.drv...
building /gnu/store/3s8l6bg8gsfxrqallc5w02drl1m021ky-letsencryptauthorityx3=
.pem.drv...

Starting download
of /gnu/store/1drx7dy1zakc0xs60nb0im1jbvxp11dj-isrgrootx1.pem From
https://letsencrypt.org/certs/isrgrootx1.pem...

Starting download
of /gnu/store/bcq7sqhg18b7b1q87j8z60d5hybsdafm-letsencryptauthorityx3.pem
=46rom https://letsencrypt.org/certs/letsencryptauthorityx3.pem...
downloading from https://letsencrypt.org/certs/isrgrootx1.pem...
downloading from
https://letsencrypt.org/certs/letsencryptauthorityx3.pem...

 letsencryptauthorityx3.pem  2KiB     385KiB/s 00:00
 [##################] 100.0% sha256 hash mismatch
 for /gnu/store/1drx7dy1zakc0xs60nb0im1jbvxp11dj-isrgrootx1.pem:
 expected hash: 0zhd1ps7sz4w1x52xk3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y
 actual hash:   0zycy85ff9ga53z1q03df89ka9iihb9p8bjhw056rq2y4rn3b6ac
 hash mismatch for store item
 '/gnu/store/1drx7dy1zakc0xs60nb0im1jbvxp11dj-isrgrootx1.pem' build
 of /gnu/store/qvrwd6v9jy50j121f963v7rps8fc8qsa-isrgrootx1.pem.drv
 failed View build log at
 '/var/log/guix/drvs/qv/rwd6v9jy50j121f963v7rps8fc8qsa-isrgrootx1.pem.drv.b=
z2'.
 cannot build derivation
 `/gnu/store/03xigpq7w1ll67ydrwhjydmybdj5gd2i-le-certs-0.drv': 1
 dependencies couldn't be built guix pull: error: build failed: build
 of `/gnu/store/03xigpq7w1ll67ydrwhjydmybdj5gd2i-le-certs-0.drv' failed


Thanks!




Acknowledgement sent to Julien Lepiller <julien@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#36363; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Mon, 24 Jun 2019 20:15:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.