[Resolved] Error installing boost Verification checksum was incorrect. #42180

Closed
cipolleschi opened this issue Jan 8, 2024 · 1 comment

cipolleschi commented Jan 8, 2024

9 Jan

Yesterday, the release crew released three versions of React Native:

Please update your React Native apps to these versions to avoid similar issues in the future.
We consider the boost verification issue gone.

Meanwhile, the original JFrog URL is working again, so older versions of React Native should be working as before the breakage.

Anyway, please try to allocate some time to migrate your app to a supported version.

8 Jan

What's happening

React Native uses a third-party dependency called boost, which is a C++ utility library.
The library is hosted by JFrog and it is downloaded by React Native's iOS build system when a user runs bundle exec pod install.
The download is then verified by checking the checksum of the downloaded tarball.

Starting from New Year's Eve, JFrog is having some troubles.
We had a first occurrence of the issue around New Year's Eve.
Over the weekend of the 6th of January, the issue presented itself again.

The net effect of it is that iOS builds are failing when users run bundle exec pod install.

Mitigation

The mitigation we found is to move away from the JFrog distribution to the boost archives one.
This might not be the final solution, as we are waiting for an official answer from boost about what's the best source to use to download the library.
However, moving to the boost archive download url will unblock all the builds.

We already prepared various PRs for the various versions to address the issue:

It will require a little bit of time for the Release Crew to take care of all the versions, so bear with us and thanks for your patience.
Notice also that 0.70 is technically out of the support window. We might or might not release a new version of it, we still need to assess the impact on that version.

While the Release Crew is working on the releases, you can unblock yourself with the following workaround.

Workaround

While we are releasing new versions of React Native to mitigate the issue, you can unblock yourself by applying these patches to the react-native package.

Caveats:

  • you don't have to update anything related to Android as we are shipping prebuilds for React Native, thus you don't need to download boost if you are building android.
  • the patch needs to be applied after every yarn install as it modifies the node_modules. If you are using a tool like patch-packages, you shouldn't worry about this point.

0.73

diff --git a/node_modules/react-native/third-party-podspecs/boost.podspec b/node_modules/react-native/third-party-podspecs/boost.podspec
index 3950fce..3ae78ba 100644
--- a/node_modules/react-native/third-party-podspecs/boost.podspec
+++ b/node_modules/react-native/third-party-podspecs/boost.podspec
@@ -10,7 +10,7 @@ Pod::Spec.new do |spec|
   spec.homepage = 'http://www.boost.org'
   spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
   spec.authors = 'Rene Rivera'
-  spec.source = { :http => 'https://boostorg.jfrog.io/artifactory/main/release/1.83.0/source/boost_1_83_0.tar.bz2',
+  spec.source = { :http => 'https://archives.boost.io/release/1.83.0/source/boost_1_83_0.tar.bz2',
                   :sha256 => '6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e' }
 
   # Pinning to the same version as React.podspec.
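
Review bot: The replaced spec.source line switches the download host from boostorg.jfrog.io to archives.boost.io with nothing in the file recording why; add a one-line comment above it naming the mirror change so a later cleanup does not revert it. Keeping the :sha256 value on the following context line unchanged is the right call, since it forces the new host to serve a byte-identical boost_1_83_0.tar.bz2 and the install fails on verification if it does not.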

0.72

diff --git a/node_modules/react-native/third-party-podspecs/boost.podspec b/node_modules/react-native/third-party-podspecs/boost.podspec
index 3950fce..3ae78ba 100644
--- a/node_modules/react-native/third-party-podspecs/boost.podspec
+++ b/node_modules/react-native/third-party-podspecs/boost.podspec
@@ -10,7 +10,7 @@ Pod::Spec.new do |spec|
   spec.homepage = 'http://www.boost.org'
   spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
   spec.authors = 'Rene Rivera'
-  spec.source = { :http => 'https://boostorg.jfrog.io/artifactory/main/release/1.76.0/source/boost_1_76_0.tar.bz2',
+  spec.source = { :http => 'https://archives.boost.io/release/1.76.0/source/boost_1_76_0.tar.bz2',
                   :sha256 => 'f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41' }
 
   # Pinning to the same version as React.podspec.
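
Review bot: The header line "index 3950fce..3ae78ba" is the same as in the 0.73 patch, although this file pins boost 1.76.0 with a different :sha256 and the 0.73 file pins 1.83.0, so the two files cannot share blob ids. Regenerate the patch against the 0.72 tree so tools that check the index line (for example a three-way apply) do not reject it or match the wrong pre-image.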

0.71

diff --git a/node_modules/react-native/third-party-podspecs/boost.podspec b/node_modules/react-native/third-party-podspecs/boost.podspec
index 3950fce..3ae78ba 100644
--- a/node_modules/react-native/third-party-podspecs/boost.podspec
+++ b/node_modules/react-native/third-party-podspecs/boost.podspec
@@ -10,7 +10,7 @@ Pod::Spec.new do |spec|
   spec.homepage = 'http://www.boost.org'
   spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
   spec.authors = 'Rene Rivera'
-  spec.source = { :http => 'https://boostorg.jfrog.io/artifactory/main/release/1.76.0/source/boost_1_76_0.tar.bz2',
+  spec.source = { :http => 'https://archives.boost.io/release/1.76.0/source/boost_1_76_0.tar.bz2',
                   :sha256 => 'f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41' }
 
   # Pinning to the same version as React.podspec.
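
Review bot: The boost version is hard-coded twice in the new URL ("1.76.0" in the path and "boost_1_76_0" in the file name) and is implied a third time by the :sha256 on the next line. Consider building the URL from a single version variable kept next to the checksum, so a future bump cannot update the path but leave a stale file name or hash behind.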

0.70

diff --git a/node_modules/react-native/third-party-podspecs/boost.podspec b/node_modules/react-native/third-party-podspecs/boost.podspec
index 3950fce..3ae78ba 100644
--- a/node_modules/react-native/third-party-podspecs/boost.podspec
+++ b/node_modules/react-native/third-party-podspecs/boost.podspec
@@ -10,7 +10,7 @@ Pod::Spec.new do |spec|
   spec.homepage = 'http://www.boost.org'
   spec.summary = 'Boost provides free peer-reviewed portable C++ source libraries.'
   spec.authors = 'Rene Rivera'
-  spec.source = { :http => 'https://boostorg.jfrog.io/artifactory/main/release/1.76.0/source/boost_1_76_0.tar.bz2',
+  spec.source = { :http => 'https://archives.boost.io/release/1.76.0/source/boost_1_76_0.tar.bz2',
                   :sha256 => 'f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41' }
 
   # Pinning to the same version as React.podspec.
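
Review bot: The added spec.source line still names exactly one download host, so an outage at archives.boost.io would break pod install the same way the JFrog one did. Since the :sha256 pin already fixes the content, consider also hosting a copy of boost_1_76_0.tar.bz2 somewhere under the project's control and pointing :http at that.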

Steps to reproduce

create a new react native app
run bundle exec pod install
observe the issue

React Native Version

All the React Native versions
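
The verification step described above (a pinned :sha256 checked against the downloaded tarball) and why the workaround can change the host without changing the pin, as an added example that is not React Native or CocoaPods code. The helper names, the mirror.example URL and the file contents are constructed for illustration.

```ruby
require 'digest'
require 'tempfile'
require 'uri'

# Pull the :http URL and :sha256 pin out of podspec text. Regex-based and
# only meant for the simple single-source form used in the patches above.
def extract_http_source(podspec_text)
  url = podspec_text[/:http\s*=>\s*'([^']+)'/, 1]
  sha = podspec_text[/:sha256\s*=>\s*'([0-9a-fA-F]{64})'/, 1]
  { url: url, sha256: sha&.downcase }
end

# Policy check to run when a patch changes the download host: the source
# must still be HTTPS and must still carry a checksum pin.
def source_problems(source)
  problems = []
  problems << 'no :http source found' if source[:url].nil?
  problems << 'no :sha256 pin' if source[:sha256].nil?
  if source[:url] && URI(source[:url]).scheme != 'https'
    problems << 'source is not https'
  end
  problems
end

# Hash the file on disk (read in chunks by Digest) and compare to the pin.
def sha256_matches?(path, expected_hex)
  Digest::SHA256.file(path).hexdigest == expected_hex.downcase
end

# Constructed demo: one body equal to the pinned content, one that differs
# (standing in for whatever a misbehaving mirror returns).
def demo
  good = "constructed stand-in for the boost tarball bytes\n"
  pin = Digest::SHA256.hexdigest(good)
  spec = "spec.source = { :http => 'https://mirror.example/boost.tar.bz2',\n" \
         "                :sha256 => '#{pin}' }\n"
  src = extract_http_source(spec)
  results = {}
  { same: good, different: '<html>constructed error body</html>' }.each do |name, body|
    Tempfile.create('boost') do |f|
      f.binmode
      f.write(body)
      f.flush
      results[name] = sha256_matches?(f.path, src[:sha256])
    end
  end
  [source_problems(src), results]
end

p demo if $PROGRAM_NAME == __FILE__
```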

@cipolleschi cipolleschi pinned this issue Jan 8, 2024
@facebook facebook locked as too heated and limited conversation to collaborators Jan 8, 2024
@cortinico

Hey all,
Just a small heads up that as of now, JFrog's Boost mirror is back up, so operations should be back to normal.

@cipolleschi cipolleschi changed the title [Workaround Available] Error installing boost Verification checksum was incorrect. [Resolved] Error installing boost Verification checksum was incorrect. Jan 9, 2024
@kelset kelset unpinned this issue Jan 22, 2024