Zarf Checksum failure about zarf HOT 8 CLOSED

I did verify we are running Zarf 0.26.2 in all locations so should have all matched

from zarf.

Interesting... The checksums are stored at the root of a zarf package and should always match the image layer SHA (hence the filename images/blobs/sha256/e543d039704a927686af50ee12c85b8e8fff304c933b202624bbc705cf60161a and the expected SHA e543d039704a927686af50ee12c85b8e8fff304c933b202624bbc705cf60161a matching each other). Have you observed flakiness where it starts working again? Or does it always fail once it starts to fail?

Also just to check, are you using the same Zarf version between package create and deploy?

Also if you really need to and want to push past this error you could run with --insecure though I would recommend only doing that on a test instance since there is a chance of there being a corrupted layer. Under the hood Zarf unpacks the package to the temporary directory of the system and afterwards checks the package checksums before proceeding - something could be going wrong during this unarchive/copy process. When Zarf fails it leaves these files behind for inspection and you could use zarf prepare sha256sum <filepath> to investigate the files more directly.

from zarf.

Interesting you say that. I have seen it to be that it will eventually work if you either do it enough times or I was also seeing I rebooted the machine it would work after reboot the first time. We actually tried to use - -insecure but that didn't seem to help. I will verify but I'm fairly certain our zarf versions matched as I was worried that could be a potential issue.

from zarf.

Rebooting the machine is an interesting symptom... Are you specifying --tmpdir at all or just using /tmp? If you run rm -rf /tmp/zarf-* does that have the same effect as rebooting?

from zarf.

(also looking at the code the --insecure flag help text is wrong (or at least misleading) we do disable the validation of signatures (and thus you can modify the checksums to match) but we still always look at the checksums if they are present - will make a note to update that)

from zarf.

No I am not specifying --tmpdir, so it would just be /tmp, I actually didn't realize until recently how much stuff was dumped into /tmp on failures, but I don't believe I ever tried to clear that out during a checksum failure. I know I did `rm -rf /tmp/zarf-*' at one point but I can't 100% recall if it was around the checksum time. Next time I see it though I will give that a try. I know we are a few releases behind, is there anything on the newer releases since 0.26.2 that would have fixed anything in regards to this?

from zarf.

There have been some minor refactors done to checksum handling in the intervening versions but there shouldn't have been any behavioral changes

from zarf.

Closing as stale.

If you are still seeing this issue @joelcomp1, feel free to re-open and provide the team w/ more info!

from zarf.