1

For some time now, composer sporadically complains that checksum verification fails for some packages. It continues installing them from source.

Usually this is not a problem, but I wonder if there is something weird going on.

Examples:

- Installing doctrine/data-fixtures (v1.2.2): Downloading (100%) Failed to download doctrine/data-fixtures from dist: The checksum verification of the file failed (downloaded from https://api.github.com/repos/doctrine/data-fixtures/zipball/17fa5bfe6ff52e35cb3d9ec37c934a2f4bd1fa2e) Now trying to download from source

- Installing ocramius/proxy-manager (1.0.2): Downloading (100%) Failed to download ocramius/proxy-manager from dist: The checksum verification of the file failed (downloaded from https://api.github.com/repos/Ocramius/ProxyManager/zipball/57e9272ec0e8deccf09421596e0e2252df440e11) Now trying to download from source

- Installing doctrine/migrations (v1.5.0): Downloading (100%) Failed to download doctrine/migrations from dist: The checksum verification of the file failed (downloaded from https://api.github.com/repos/doctrine/migrations/zipball/c81147c0f2938a6566594455367e095150547f72) Now trying to download from source

- Installing doctrine/orm (v2.5.6): Downloading (100%) Failed to download doctrine/orm from dist: The checksum verification of the file failed (downloaded from https://api.github.com/repos/doctrine/doctrine2/zipball/e6c434196c8ef058239aaa0724b4aadb0107940b) Now trying to download from source

This is taken from ONE composer install invocation on my local machine. Many packages install just fine, however.

On our Jenkins server, this happens for all packages as far as I can see.

What is going on there? We do have a SATIS service running in our local network, but it seems like composer complains about the dist files from the original package locations. The SATIS service is used for private packages only.

Can anybody imagine what the problem is? Did anybody experience some similar issue?

Thanks!

t11n
  • 46
  • 1
  • 6

2 Answers2

0

Try to check/update composer version and run composer clear-cache after that

J Price
  • 56
  • 6
  • Updated composer today: `# composer.phar --version Composer version 1.5.0 2017-08-08 11:08:04` Cleared cache manually before, now did as suggested: `# composer.phar clear-cache Cache directory does not exist (cache-vcs-dir): Clearing cache (cache-repo-dir): /root/.composer/cache/repo Clearing cache (cache-files-dir): /root/.composer/cache/files Clearing cache (cache-dir): /root/.composer/cache All caches cleared.` Same result :-( It is even the same packages failing. – t11n Aug 08 '17 at 14:38
0

Not 100% related but may haelp someone someday.

I was hand-modifying the composer.lock file (oh the horror!!! I know, bad practice, but there's a bug that was forcing me to do so). I had to change the url to a package and the former entry had a shasum entry under it that I didn't remove. The new entry didn't need/have that. Composer was looking at that shasum and noticing that it wasn't a match.

So I removed the shasum and all was good.

Before

"dist": {
    "type": "zip",
    "url": "https://example.com/repo/path/package-1.0.0.zip",
    "shasum": "abcdefg123456789"
},

After with error

"dist": {
    "type": "zip",
    "url": "https://repo.example.com/repo/path/package-1.0.1.zip",
    "shasum": "abcdefg123456789"
},

After without error

"dist": {
    "type": "zip",
    "url": "https://repo.example.com/repo/path/package-1.0.1.zip"
},
PromInc
  • 1,174
  • 7
  • 12