Conan package snapshot returns unexpected value
Summary
When multiple packages are uploaded for a given version, recipe snapshot returns the oldest MD5. This casues conan upload
to fail if the download cache is enabled.
Steps to reproduce
- Publish a package to the same version multiple times, ensuring the md5 of
conanfile.py
is changed. As an example I have downloaded all conanfile.py for my package at a given version:
❯ md5sum conanfile*.py
34b86e2e4cdd61ba10d55dd4f4357cc9 conanfile(1).py
34b86e2e4cdd61ba10d55dd4f4357cc9 conanfile(2).py
34b86e2e4cdd61ba10d55dd4f4357cc9 conanfile(3).py
f9b5596034f640728b9221a30a78bc02 conanfile.py
- Configure cache:
conan config set storage.download_cache=~/.cache/conan/download
- Re-create the package at the same version locally:
conan create <path> <package> -r gitlab
- Run the upload command, note actual upload can be skipped to avoid writing to remote:
export CONAN_V2_MODE=1
conan upload <package> -r gitlab --all --skip-upload
What is the current bug behavior?
For my example conan issues an error:
ERROR: binutils/2.38@build+conan/main: Upload recipe to 'gitlab' failed: md5 signature failed for '136cb58bda00bdc6c6451e3adf1f555f20677601e664c299b2310dafc66b2dcd' file.
Provided signature: f9b5596034f640728b9221a30a78bc02
Computed signature: 34b86e2e4cdd61ba10d55dd4f4357cc9. [Remote: gitlab]
This is because the API endpoint https://<gitlab_url>/api/v4/packages/conan/v1/conans/binutils/2.38/build+conan/main
issues the outdated signature for the snapshot.
What is the expected correct behavior?
I believe this would be resolved if https://<gitlab_url>/api/v4/packages/conan/v1/conans/binutils/2.38/build+conan/main
returns the snapshot for the most recently uploaded version.
Possible fixes
Alternatively we could prevent this with #293750 or by migrating to V2 (#333033).
Note that disabling the Conan download cache is one way to workaround this issue.
GitLab Enterprise Edition 15.1.3-ee
Edited by Lukasz Okraszewski