[GH-ISSUE #270] SHA-256 mismatch for v2.0.0.tar.gz #188

New issue

Closed

opened 2026-02-25 20:33:00 +03:00 by kerem · 5 comments

kerem commented 2026-02-25 20:33:00 +03:00

Owner

Copy link

Originally created by @ilovezfs on GitHub (Mar 1, 2018).
Original GitHub issue: https://github.com/asciinema/asciinema/issues/270

Homebrew users currently cannot build asciinema from source due to a SHA-256 checksum mismatch for v2.0.0.tar.gz (https://github.com/asciinema/asciinema/archive/v2.0.0.tar.gz)

Sun Feb 11 00:05:37 2018 -0800 the SHA-256 was
65224d8dcc8c579fd678fff83ea89eecfd35a1d2ca853ee6fcf27d2f7b5e3205

Now it's changed to
ef7c6143dfe1d3ae77fd5d41ef93344e0c5f840b1272a11f41938e1b718baf0f

Do you have any idea what happened here? To rule out malicious circumstances, we'll need to know why the file has changed before the checksum can be updated in Homebrew. Thanks!

Originally created by @ilovezfs on GitHub (Mar 1, 2018). Original GitHub issue: https://github.com/asciinema/asciinema/issues/270 Homebrew users currently cannot build asciinema from source due to a SHA-256 checksum mismatch for v2.0.0.tar.gz (https://github.com/asciinema/asciinema/archive/v2.0.0.tar.gz) Sun Feb 11 00:05:37 2018 -0800 the SHA-256 was 65224d8dcc8c579fd678fff83ea89eecfd35a1d2ca853ee6fcf27d2f7b5e3205 Now it's changed to ef7c6143dfe1d3ae77fd5d41ef93344e0c5f840b1272a11f41938e1b718baf0f Do you have any idea what happened here? To rule out malicious circumstances, we'll need to know why the file has changed before the checksum can be updated in Homebrew. Thanks!

kerem closed this issue 2026-02-25 20:33:00 +03:00

kerem commented 2026-02-25 20:33:00 +03:00

Author

Owner

Copy link

@ilovezfs commented on GitHub (Mar 1, 2018):

Ref https://jenkins.brew.sh/job/Homebrew%20Core%20Pull%20Requests/19419/version=high_sierra/testReport/junit/brew-test-bot/high_sierra/fetch_asciinema/

<!-- gh-comment-id:369558326 --> @ilovezfs commented on GitHub (Mar 1, 2018): Ref https://jenkins.brew.sh/job/Homebrew%20Core%20Pull%20Requests/19419/version=high_sierra/testReport/junit/brew-test-bot/high_sierra/fetch_asciinema/

kerem commented 2026-02-25 20:33:00 +03:00

Author

Owner

Copy link

@ku1ik commented on GitHub (Mar 1, 2018):

I have updated the v2.0.0 tag. Specifically I've removed it and then created a new signed one.
Given that signed tags are more like commits this could have changed the checksum of the tarball...

<!-- gh-comment-id:369713002 --> @ku1ik commented on GitHub (Mar 1, 2018): I have updated the `v2.0.0` tag. Specifically I've removed it and then created a new signed one. Given that signed tags are more like commits this could have changed the checksum of the tarball...

kerem commented 2026-02-25 20:33:00 +03:00

Author

Owner

Copy link

@ku1ik commented on GitHub (Mar 11, 2018):

@ilovezfs has the checksum been updated in Homebrew? Can we close this?

<!-- gh-comment-id:372113530 --> @ku1ik commented on GitHub (Mar 11, 2018): @ilovezfs has the checksum been updated in Homebrew? Can we close this?

kerem commented 2026-02-25 20:33:00 +03:00

Author

Owner

Copy link

@ilovezfs commented on GitHub (Mar 11, 2018):

yup! Thanks :)

<!-- gh-comment-id:372115134 --> @ilovezfs commented on GitHub (Mar 11, 2018): yup! Thanks :)

kerem commented 2026-02-25 20:33:00 +03:00

Author

Owner

Copy link

@ku1ik commented on GitHub (Mar 11, 2018):

@ilovezfs well, thank you for handling this 👌

<!-- gh-comment-id:372120612 --> @ku1ik commented on GitHub (Mar 11, 2018): @ilovezfs well, thank you for handling this 👌

kerem referenced this issue 2026-03-15 10:10:16 +03:00

[GH-ISSUE #188] highlighting bug #753

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/cargo/rustls-webpki-0.103.13

dependabot/cargo/rand-0.9.3

dependabot/cargo/quinn-proto-0.11.14

main

python

golang

v3.2.0

v3.1.0

v3.0.1

v3.0.0

v3.0.0-rc.5

v3.0.0-rc.4

v3.0.0-rc.3

v3.0.0-rc.2

v3.0.0-rc.1

v2.4.0

v2.3.0

v2.2.0

v2.1.0

v2.0.2

v2.0.1

v2.0.0

v1.4.0

v1.3.0

v1.2.0

v1.1.1

v1.1.0

v1.0.0

v1.0.0.rc2

v1.0.0.rc1

v0.9.9

v0.9.8

v0.9.7

v0.9.6

v0.9.5

v0.9.4

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.1

Labels

Clear labels   

bug

  

compatibility

  

feature request

  

fit for beginners

  

help wanted

  

hosting

  

idea

  

improvement

  

packaging

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

compatibility

feature request

fit for beginners

help wanted

hosting

idea

improvement

packaging

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/asciinema#188

No description provided.