Update failing uniqueness check

Hello,

I’m using a github action to check for security notices (via review-tools.check-notices). If there are any security notices on the published snap, a new version is automatically built and published.

However, it has started failing on the upload step with this error:

- binary_sha3_384: A file with this exact same content has already been uploaded

https://github.com/Imberflur/veloren-snap/actions/runs/3110325353

The security notice triggering the rebuild is:

      "libjpeg-turbo8": [
        "5631-1"
      ],

I checked the build logs for the latest builds for the edge and beta channels (NOTE channels above beta are currently not used: https://snapcraft.io/veloren). For both of these libjpeg-turbo8_2.0.3-0ubuntu1.20.04.1_amd64.deb appears in the logs and running review-tools.check-notices on them locally yields the same security notice. However, the first security update build has a newer version libjpeg-turbo8_2.0.3-0ubuntu1.20.04.3_amd64.deb in its logs even though it fails with the error above when it gets to the publish step.

So, I want to understand what is causing this error when uploading to the store since it seems like there should be no snap with the same content already there.

1 Like

Hi - this is not really a store error - the store is just telling you that the exact same file (by hash) has already been uploaded. I would look at your build/upload pipeline to see why it’s somehow building and trying to upload an identical snap. Another thing you can do is check your list of revisions and publish the desired one manually, though I don’t know if that’ll keep your pipeline from trying to upload the same one again.

  • Daniel

Thanks for the response.

I looked further into this by adding a step in the CI to log the hash of the file beforehand (I think I didn’t do this beforehand because I wasn’t sure exactly what part the store was hashing) and it did match one already in the store. It turns out that timsueberkrueb/action-check-snap@master leaves the snap that was downloaded for checking review notices in the working directory and then snapcore/action-build@v1 picks that up as the output snap instead of the newly built one https://github.com/snapcore/action-build/blob/a627c9589b868a9f0224614ab79fb2cffad84b63/src/build.ts#L92 (so later steps that use ${{ steps.build.outputs.snap }} were not actually using the newly built snap).

The build action actually prints out a warning but it is way at the end of couple thousand lines of output so I didn’t see it.