As can be seen in the commit history[1] of the upstream perforce.rb in homebrew-cask the upstream perforce package URL and its SHA-256 are aren't a unique pair. The upstream will start publishing an updated package at the same URL as the previous version, causing the CI to routinely fail with errors like: ==> Downloading https://cdist2.perforce.com/perforce/r21.2/bin.macosx1015x86_64/helix-core-server.tgz Error: SHA256 mismatch Expected: ffc757b9d4d0629b2594e2777edfb18097825e29c70d8f33a444c7482d622806 Actual: 37bc306f0bdfd1d63cfcea113ada132d96f89d53cbb20c282735d51d06223054 Once someone gets around to updating the perforce.rb the failure of git's CI will be cleared up, but in the meantime all osx-{gcc,clang} jobs will encounter hard failures. Let's not be so anal about this and fallback to a "sha256 :no_check" on failure. We are already downloading arbitrary binaries from perforce's servers, and the point of doing so is to run the t/*-git-p4-*.sh tests, not to validate the chain of custody between perforce.com and the homebrew-cask repository. In the obscure (but unlikely to ever happen) that the failure is specifically because perforce.com published a bad updated package, and it a failure that their testing wouldn't have caught, but whoever's updating the homebrew SHA-256 recipe would have caught, we will have a failure in our p4 tests that we wouldn't have otherwise had. But I think that's so unlikely that we don't need to worry about it, whereas seeing failures due to the homebrew recipe lagging upstream is a real issue. E.g. "seen"'s latest push-out has such a failure: [3] Note: It's probably possible to embed this "sed" one-liner directly in the HOMEBREW_EDITOR variable, i.e.: HOMEBREW_EDITOR='...' brew edit perforce But my attempts to do so were unsuccessful, particularly since I don't have access to a Mac OS X machine other than via by round-tripping through the CI. This version of getting the path via --print-path works, and is arguably easier to reason about and debug than a cute one-liner. 1. https://github.com/Homebrew/homebrew-cask/commits/master/Casks/perforce.rb 2. https://docs.brew.sh/Cask-Cookbook#required-stanzas 3. https://github.com/git/git/runs/6104156856?check_suite_focus=true --- ci/install-dependencies.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/ci/install-dependencies.sh b/ci/install-dependencies.sh index 82fa87f97af..540deab4488 100755 --- a/ci/install-dependencies.sh +++ b/ci/install-dependencies.sh @@ -37,7 +37,13 @@ macos-latest) test -z "$BREW_INSTALL_PACKAGES" || brew install $BREW_INSTALL_PACKAGES brew link --force gettext - brew install perforce + brew install perforce || { + echo Installing perforce failed, assuming and working around SHA256 mismatch >&2 && + + path=$(brew edit --print-path perforce) && + sed -i -e 's/\(sha256.\).*/\1:no_check/' "$path" && + brew install perforce + } if test -n "$CC_PACKAGE" then -- 2.36.0.893.g80a51c675f6
