rclone selfupdate broken in v1.64.0 and v1.64.1 #7373

Closed
ncw opened this issue Oct 17, 2023 · 3 comments
ncw commented Oct 17, 2023
```
$ sudo rclone selfupdate --stable -vv
2023/10/17 18:42:20 DEBUG : rclone: Version "v1.64.0" starting with parameters ["rclone" "selfupdate" "--stable" "-vv"]
2023/10/17 18:42:30 DEBUG : downloaded release archive with hashsum 28b8907df12cb866c627f7dd3a692326e073384ceb5e99328007941026bb73b8 from https://downloads.rclone.org/v1.64.1/rclone-v1.64.1-osx-amd64.zip
2023/10/17 18:42:30 DEBUG : downloaded hashsum list: https://downloads.rclone.org/v1.64.1/SHA256SUMS
2023/10/17 18:42:30 Error: failed to update rclone: invalid hashsum signature
```

This is caused by the upgrade of the "github.com/ProtonMail/go-crypto/openpgp" library in 014acc9 by @henrybear327, which is in turn caused by this commit: ProtonMail/go-crypto@5503f24

I have reported an upstream issue about this here ProtonMail/go-crypto#187

Options to fix are:

  • upstream fix
  • revert to a previous version of the go-crypto library. However this affects the protondrive backend causing it not to compile when I tried reverting it to the known good version.
  • go back to using x/crypto/openpgp
  • redo the signatures with the flag the openpgp library is now looking for

Note that you can test selfupdate without updating rclone like this: `rclone selfupdate --version v1.63.1 -vv --output /tmp/z`.

Note also that this wasn't picked up by the integration tests and it definitely should have been so that needs investigating.

@ncw ncw added the bug label Oct 17, 2023
gh0sti commented Oct 18, 2023

I'm glad I did a Google search to find out why this broke and I was so confused as to why I was getting the hashsum error.

ncw added a commit that referenced this issue Oct 18, 2023
This was caused by a change to the upstream library
ProtonMail/go-crypto checking the flags on the keys more strictly.

However the signing key for rclone is very old and does not have those
flags. Adding those flags using `gpg --edit-key` and then the
`change-usage` subcommand to remove, save, quit then re-add, save
quit the signing capabilities caused the key to work.

This also adds tests for the verification and adds the selfupdate
tests into the integration test harness as they had been disabled on
CI because they rely on external sources and are sometimes unreliable.

Fixes #7373
@ncw ncw closed this as completed in 37d786c Oct 18, 2023
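
What "checking the flags on the keys more strictly" means at the packet level, as an added example (not rclone's or go-crypto's code): it reads the OpenPGP Key Flags subpacket (type 27, sign bit 0x02, RFC 4880 section 5.2.3.21) from a self-signature's hashed subpacket area. The function names, the sample bytes and the two-policy model (lenient treats a missing subpacket as unrestricted, strict requires the sign bit) are assumptions made for illustration.

```go
package main

import "fmt"

// Key Flags subpacket type and its "may sign data" bit (RFC 4880, 5.2.3.21).
const subpacketKeyFlags, flagSign = 27, 0x02

// keyFlags walks a v4 signature's hashed subpacket area. It returns the first
// Key Flags octet, whether the subpacket was present, and whether the area parsed.
func keyFlags(area []byte) (flags byte, present, ok bool) {
	for len(area) > 0 {
		n, hdr := int(area[0]), 1
		switch {
		case n == 255 && len(area) >= 5: // five-octet length
			n, hdr = int(area[1])<<24|int(area[2])<<16|int(area[3])<<8|int(area[4]), 5
		case n >= 192 && n < 255 && len(area) >= 2: // two-octet length
			n, hdr = (n-192)<<8+int(area[1])+192, 2
		case n >= 192: // length header cut short
			return 0, false, false
		}
		if n < 1 || n > len(area)-hdr {
			return 0, false, false
		}
		body := area[hdr : hdr+n] // type octet (bit 7 = critical), then data
		if body[0]&0x7f == subpacketKeyFlags && n >= 2 {
			return body[1], true, true
		}
		area = area[hdr+n:]
	}
	return 0, false, true
}

// maySign models the two policies (an assumption of this example): lenient
// accepts a key with no Key Flags subpacket, strict needs the sign bit set.
func maySign(area []byte, strict bool) bool {
	flags, present, ok := keyFlags(area)
	if !ok || !present {
		return ok && !strict
	}
	return flags&flagSign != 0
}

func main() {
	oldKey := []byte{5, 2, 0x3b, 0x9a, 0xca, 0x00}              // constructed: creation time only
	newKey := []byte{5, 2, 0x3b, 0x9a, 0xca, 0x00, 2, 27, 0x03} // constructed: plus certify+sign
	fmt.Println(maySign(oldKey, false), maySign(oldKey, true), maySign(newKey, true))
}
```

The constructed `oldKey` passes only the lenient policy, which is the shape of the failure in this issue: a signature that older verifiers accept is rejected once the flag is required.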
ncw commented Oct 18, 2023

I'll release this fix in v1.64.2 tomorrow.

Unfortunately I can't fix v1.64.0 and v1.64.1 so if you've got one of those selfupdate won't work and you'll have to do a manual download.

gh0sti commented Oct 18, 2023

> I'll release this fix in v1.64.2 tomorrow.
>
> Unfortunately I can't fix v1.64.0 and v1.64.1 so if you've got one of those selfupdate won't work and you'll have to do a manual download.

Understandable. I'll just manually update.

ncw added a commit that referenced this issue Oct 19, 2023