[yocto] openjdk build fails due to checksum mismatches from icedtea-native

[Randy Mortensen]

> On Oct 5, 2016, at 7:14 PM, Darcy Watkins <dwatkins at sierrawireless.com> wrote:
> 
> 
> 
>> On Oct 5, 2016, at 4:52 PM, Khem Raj <raj.khem at gmail.com> wrote:
>>> On Oct 5, 2016, at 4:45 PM, Randy Mortensen <randym at stratagemsystems.com> wrote:
>>>> On Oct 5, 2016, at 5:04 PM, Darcy Watkins <dwatkins at sierrawireless.com> wrote:
>>>> 
>>>> From what I gleaned from recent discussions of fetcher errors, this is somehow connected with rollout of Python related security fixes to various Linux distributions and/or some ...-native recipes.
>>>> 
>>>> It was a bunch of tar balls that are named as mercurial hashes from within iced tea rather than the yocto fetch. I worked around it by grabbing the tarballs from a different checkout since I didn't have time to dig into it.
>>>> 
>>>> It affected a fresh checkout I was building from scratch.
>>>> 
>>> Thanks for the response. This also happened to me when trying to build from scratch.
>>> For my clarification, did you already have the tar balls downloaded or were you able to download them from a previous (icedtea) commit somehow?
> 
> I had the tar balls in a different build that I had around for some time.  The reason I never cached these ones in a shared location on our server was I felt that tar balls with small hashes as filenames was too prone to collisions, especially without a package name as a prefix.  I don't know if that is a convention of iced tea, or how the fetcher handles mercurial.
> 
>> Can you check if the tarballs have been rebuilt upstream ? if so we should try to find out what changed.
>> It could also be an oversight that a recipe update forgot or updated the checksums wrongly. but we should try to root cause it
> 
> I agree here.  We should root cause it.
> 
> 
I’m not sure how this is all supposed to work, but I managed to get past the fetch failures by changing the md5sum and sha256sum checksums in icedtea7-native_2.1.3.bb. 
I used the the checksums helpfully suggested by bitbake when it reported the errors. 

I compared one of the problematic tar balls with a “good” one from a previous download and the only change I could identify was 3 extra lines added to a hidden file .hgtag  (which I presume maps a tag to a commit). Not sure why requesting the same hg commit results in a different tarball output.

Now however iced tea fails to configure due to checksum errors. The configure task seems to re-download each tarball and check the sha256sum which is failing.

I’m not sure where to go from here to try and resolve so any more help is welcome.