Skip to content

glew/2.3.0 package update #76608

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
octo-sts wants to merge 2 commits into
base: main
Choose a base branch
from
Open

glew/2.3.0 package update #76608

octo-sts wants to merge 2 commits into from
+3 −3

Conversation

@octo-sts
Copy link
Contributor

@octo-sts octo-sts bot commented Dec 22, 2025

Note: If you need to make manual changes to this PR, apply the skip:staging-update-bot label so the reconciler won't overwrite them.

@octo-sts octo-sts bot added automated pr request-version-update request for a newer version of a package glew labels Dec 22, 2025
@octo-sts
Copy link
Contributor Author

octo-sts bot commented Dec 22, 2025

🔍 Build Failed: Checksum Verification Failed

fetch: Expected sha512 does not match found: a452874b7e7e5a359593fcd93475cf2c7a484f649947308f8611461df58772e060fe5a305434c22cc2411e34a20775379fcae735477f6ef056b31730ae87426e

Build Details

Category Details
Build System melange
Failure Point fetch step - SHA512 checksum verification

Root Cause Analysis 🔍

The downloaded source file glew-2.3.0.tgz has a different SHA512 checksum than expected. Expected: eee1a6ee53bd05536ef760ca49b599aac2a0f4c457e4eade22e4cee44bb9e971026ab21df3399e2eaaecb070a7adc36da6dc7078b2f2d005f86a26370181740e, but found: a452874b7e7e5a359593fcd93475cf2c7a484f649947308f8611461df58772e060fe5a305434c22cc2411e34a20775379fcae735477f6ef056b31730ae87426e. This indicates either the source file has been updated/changed on the server, or there's a configuration error in the package definition.

🔍 Build failure fix suggestions

Found similar build failures that have been fixed in the past and analyzed them to suggest a fix:

Suggested Changes

File: glew.yaml

  • checksum_update at line 25 (pipeline[0].uses.with.expected-sha512)
    Original:
eee1a6ee53bd05536ef760ca49b599aac2a0f4c457e4eade22e4cee44bb9e971026ab21df3399e2eaaecb070a7adc36da6dc7078b2f2d005f86a26370181740e

Replacement:

a452874b7e7e5a359593fcd93475cf2c7a484f649947308f8611461df58772e060fe5a305434c22cc2411e34a20775379fcae735477f6ef056b31730ae87426e

Content:

Update the expected SHA512 checksum to match the actual file hash
Click to expand fix analysis

Analysis

Looking at all three similar fixes, there's a clear pattern: in every case of SHA512 checksum mismatch, the solution was to update the expected-sha512 value in the fetch operation to match the actual file hash found during download. Fix #0 updated from 'ac1acb7132bad318fc2f9e1f1eba7e64b042e875ca754d1eada8b35e0d7b1823bb03c3ce80dee7aaf147d21ef1f77aa1faa14e3e58f50a61d31b1ab5d87788bd' to 'd2bd32e1f508585aa35db2ee3d9dc15fa20ad6f06ebaf894bba687aaaacf7771a0d0c5f5ffa8ed8c3e01d9239e20d26194e8f491f7cf10c2de140b64c58a2ede'. Fix #1 updated googletest from '70c0cfb1b4147bdecb467ecb22ae5b5529eec0abc085763213a796b7cdbd81d1761d12b342060539b936fa54f345d33f060601544874d6213fdde79111fa813e' to '765c326ccc1b87a01027385e69238266e356361cd4ee3e18e3c9d137a5d11fa5d657c164d02dd1be8fe693c8e10f2b580588dbfa57d27f070e2750f50d3e662c'. Fix #2 shows the same pattern with Apache Hop sources. All three fixes show that when upstream files change their checksums, the expected value in the YAML must be updated to match reality.

Click to expand fix explanation

Explanation

This fix will resolve the checksum mismatch by updating the expected-sha512 value to match the actual hash of the downloaded file. The error message clearly indicates that the downloaded file 'glew-2.3.0.tgz' has SHA512 'a452874b7e7e5a359593fcd93475cf2c7a484f649947308f8611461df58772e060fe5a305434c22cc2411e34a20775379fcae735477f6ef056b31730ae87426e' but the build configuration expects 'eee1a6ee53bd05536ef760ca49b599aac2a0f4c457e4eade22e4cee44bb9e971026ab21df3399e2eaaecb070a7adc36da6dc7078b2f2d005f86a26370181740e'. This type of checksum change typically happens when upstream releases replace files with identical content but different metadata (like timestamps or compression), or when the upstream source has been updated. The consistent pattern from all three similar fixes confirms that updating the expected checksum to the found value is the standard and correct solution.

Click to expand alternative approaches

Alternative Approaches

  • Verify upstream file integrity by downloading from multiple mirrors or checking official release announcements to confirm the file hasn't been tampered with
  • Contact upstream maintainers to verify if the checksum change is intentional
  • Use a different source URL if available (though this typically isn't necessary for well-established projects like GLEW)

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Dec 22, 2025
@AmberArcadia AmberArcadia self-assigned this Dec 29, 2025
@octo-sts octo-sts bot added bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. approver-bot/manual-review-needed manual/review-needed staging-approver-bot/manual-review-needed labels Dec 30, 2025
@AmberArcadia AmberArcadia requested a review from a team December 30, 2025 20:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@AmberArcadia AmberArcadia

Labels

ai/skip-comment Stop AI from commenting on PR approver-bot/manual-review-needed automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. glew manual/review-needed request-version-update request for a newer version of a package staging-approver-bot/manual-review-needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AmberArcadia