[RTFACT-15440] Hash sum mismatch Created: 08/Dec/17 Updated: 07/Jun/18 Resolved: 07/Jun/18
|Project:||Artifactory Binary Repository|
|Resolution:||Not a Bug||Votes:||2|
|Labels:||apt-get, artifactory, debian|
We are running Artifactory Professional 5.4.1 rev 50054
We have set up a remote repo that looks like this
Which we are using frequently to build docker containers that are based on different versions of Ubuntu. Right now we are seeing a lot of problem with "Hash sum mismatch" when trying to fetch and install packages from this repo. It happens both for index files, all Ubuntu versions, and individual packages, mostly for Ubuntu 16.04 packages.
We have tried various workarounds like doing "sudo rm -rf /var/lib/apt/lists/*" before apt-get clean, update and install.
Sometimes it seems to help for awhile but we keep ending up with the hash sum mismatch problem, sometimes we can get a few Docker builds through if we do Zap cache, but it usually doesn't last for long.
I have tried to verify the hash sums that apt-get claims is not matching up but I have not been able see any thing strange there. If I fetch the packages manually and compare the hash sums with the values in Artifactory it all seems to match. And the same correct hashes are visible in the apt-get command when I enable debug printouts for apt-get.
If we skip our Artifactory server and use the Ubuntu repository directly we never see these problems.
We are kind of stuck here and not really sure what to do, any insights would be appreciated. And I would be happy to supply more information.
|Comment by Jens Löök [ 13/Dec/17 ]|
In Ubuntu 17.04 we have encountered the same problem but we get some better error message from apt-get
E: Failed to fetch http://<internal artifactory server>/artifactory/archive.ubuntu.com/ubuntu/pool/main/l/llvm-toolchain-4.0/libllvm4.0_4.0-1ubuntu1_i386.deb Hash Sum mismatch
And then I fetch the file from artifactory and manyally run the checksum command and they all match the expected hashes
|Comment by Andrei Komarov [ 07/Jun/18 ]|
Looks like the case here is that the APT client is using HTTP pipelining:
But the client not validating the repository server's capability to work with HTTP pipelining.
Moreover, if using Nginx - it is not supporting HTTP pipelining:
|Comment by Jens Löök [ 07/Jun/18 ]|
And the solution for us is to set Acquire::http::Pipeline-Depth 0 as an option for apt.
We added this line in our Dockerfiles
RUN echo 'Acquire::http::Pipeline-Depth 0;' >> /etc/apt/apt.conf