Solidity: Checksum mismatch in solc-bin

Created on 26 Jun 2020  路  7Comments  路  Source: ethereum/solidity

The last commit https://github.com/ethereum/solc-bin/commit/331d998138f2bc0aa5d3694a12c2beab69daad75 modified the bin file for the 0.6.10 release but did not modify the checksum, resulting in a mismatch.

Any tool that validates the compiler against the checksum will fail so I think this should be fixed ASAP, especially given the version affected is the latest release.

bug
Source
picture frangio
👍6

Most helpful comment

Sorry about that, it seems to have been a rogue script. Can you please check if it is fixed?

picture chriseth on 26 Jun 2020
👍3

All 7 comments

Totally The same!! Please fix this as soon as possible!

payvint picture payvint on 26 Jun 2020

It blocks development!
Please update binaries.

DimaStebaev picture DimaStebaev on 26 Jun 2020

Sorry about that, it seems to have been a rogue script. Can you please check if it is fixed?

chriseth picture chriseth on 26 Jun 2020
👍3

Thank you @chriseth very much, looks like it is fixed!!

payvint picture payvint on 26 Jun 2020
👍1

Actually reopening since the root cause is not fixed yet.

chriseth picture chriseth on 26 Jun 2020

The damaged files (soljson-v0.6.10+commit.00c0fcaf.js and soljson-latest.js) are actually truncated. I don't see anything in the scripts that would intentionally update an older release/nightly binary. Every run either adds a single new binary or exits. The only way it could happen is if they were damaged while being copied and then git commit -a picked up the unintended changes and included them in the commit.

As to how they got damaged - there are several suspects:

  • git clone or git checkout - though git is pretty reliable so I doubt it would cleanly exit on error
  • cp - same here
  • the update script written in JS

What's interesting is that soljson-v0.6.10+commit.00c0fcaf.js and soljson-latest.js (which are supposed to have the same content in that commit) are truncated at different points. soljson-latest.js is significantly shorter (19672 kB vs 20624 kB; both should be 20683 kB instead). In the update script I see that it always rewrites soljson-latest.js (even if there was no new release) so it could happen at that point. But this does not explain why soljson-v0.6.10+commit.00c0fcaf.js is shorter too. The script does not touch it. It looks as if both files were truncated independently but this seems unlikely to me.

This also looks a bit as if one of the operations was being performed asynchronously and did not finish before another. This could be the case with the update script but I don't see anything asynchronous in publish_binary.sh.

cameel picture cameel on 26 Jun 2020

We can close this now. The cause of the truncation has been identified and fixed (https://github.com/ethereum/solc-bin/pull/32). We have also just finished migrating the nightly builds from Travis to Github Actions and they're enabled again (https://github.com/ethereum/solc-bin/pull/30). The new script makes sure that no unexpected files (e.g. old releases) have been modified before pushing the nightly.

cameel picture cameel on 23 Jul 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

AnthonyAkentiev picture AnthonyAkentiev  路  3Comments
axic picture axic  路  4Comments
walter-weinmann picture walter-weinmann  路  4Comments
area picture area  路  3Comments
kkagill picture kkagill  路  4Comments