'Azure DevOps Pipeline - dotnet restore Package Content Hash Validation Fails
I have setup a build pipeline in Azure DevOps for my Function App that takes advantage of nuget caching and thus the package.lock.json file. However, I keep running into package validation hash issues such as these:
Package content hash validation failed for Microsoft.Extensions.DependencyInjection.2.2.0. Expected: ASF77AJjnyi9hL7IJU1KCAvnCTgI3JEwkU+D4gnKd53nFIYpibVjR6SW8tdTkkuZ+QkmIx2rPvKdTMNVPfVU9A== Actual: MZtBIwfDFork5vfjpJdG5g8wuJFt7d/y3LOSVVtDK/76wlbtz6cjltfKHqLx2TKVqTj5/c41t77m1+h20zqtPA==
Package content hash validation failed for Microsoft.Extensions.DependencyInjection.Abstractions.2.2.0. Expected: 2xMk9LHz1EY+7gVG0lG4qBvkUiVjg8QNPqd2HYmEP5+PL7Ayo96EhBieAhd++Gx4yM+xN8kNqmhZdFMBHeG0HQ== Actual: f9hstgjVmr6rmrfGSpfsVOl2irKAgr1QjrSi3FgnS7kulxband50f2brRLwySAQTADPZeTdow0mpSMcoAdadCw==
Package content hash validation failed for runtime.fedora.24-x64.runtime.native.System.Security.Cryptography.OpenSsl.4.3.0. Expected: c3YNH1GQJbfIPJeCnr4avseugSqPrxwIqzthYyZDN6EuOyNOzq+y2KSUfRcXauya1sF4foESTgwM5e1A8arAKw== Actual: LdIvj7Bi2jiaNTqY/ezZGVXHe1KI5fjLSI026O1TjVzsmdgTP/zTF+f3nwHCjwttyhsPBEiswv0PekimPWZwWg==
Package content hash validation failed for runtime.native.System.IO.Compression.4.3.0. Expected: INBPonS5QPEgn7naufQFXJEp3zX6L4bwHgJ/ZH78aBTpeNfQMtf7C6VrAFhlq2xxWBveIOWyFzQjJ8XzHMhdOQ== Actual: b+V9JC/Ii3sR659flBeaBJww111425tgjcDS1k+hqV4sGh9FALRDBvJnDtQ895gAzpPTUOFDHdqaZ2Et7BpZMg==
Package content hash validation failed for runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.Apple.4.3.0. Expected: kVXCuMTrTlxq4XOOMAysuNwsXWpYeboGddNGpIgNSZmv1b6r/s/DPk0fYMB7Q5Qo4bY68o48jt4T4y5BVecbCQ== Actual: Kh9W4agE0r/hK8AX1LvyQI2NrKHBL8pO0gRoDTdDb0LL6Ta1Z2OtFx3lOaAE0ZpCUc/dt9Wzs3rA7a3IsKdOVA==
Package content hash validation failed for runtime.ubuntu.14.04-x64.runtime.native.System.Security.Cryptography.OpenSsl.4.3.0. Expected: ytoewC6wGorL7KoCAvRfsgoJPJbNq+64k2SqW6JcOAebWsFUvCCYgfzQMrnpvPiEl4OrblUlhF2ji+Q1+SVLrQ== Actual: JGc0pAWRE8lB4Ucygk2pYSKbUPLlAIq6Bczf5/WF2D/VKJEPtYlVUMxk8fbl1zRfTWzSHi+VcFZlaPlWiNxeKg==
Package content hash validation failed for System.Collections.Specialized.4.3.0. Expected: Epx8PoVZR0iuOnJJDzp7pWvdfMMOAvpUo95pC4ScH2mJuXkKA2Y4aR3cG9qt2klHgSons1WFh4kcGW7cSXvrxg== Actual: NoPBj0ykejqAWW4p4gGtrrL+3c84ZLSvGnHgq422ew1Rj4WKj1FA8/BCybqC111EtgcqUl6ZJNFYYS22HLgbjA==
Package content hash validation failed for System.ComponentModel.Annotations.4.4.0. Expected: wohleA9W059afFBm49G4cNZJiPK5KShuC+fWxMp3wiugD/aYL7n9zmtvv8wQlh8brOca0GGROSBnz77dtwJbXQ== Actual: 29K3DQ+IGU7LBaMjTo7SI7T7X/tsMtLvz1p56LJ556Iu0Dw3pKZw5g8yCYCWMRxrOF0Hr0FU0FwW0o42y2sb3A==
Package content hash validation failed for System.Runtime.Serialization.Json.4.3.0. Expected: Ma/DVHfRcOcgQFHVGafUrT7hT1IitsnmUjpNZG5xJCYrI/8wfaYKGYNZycxQyl9Nk+9IAJiMJE6RFuavRQ2WEg== Actual: CpVfOH0M/uZ5PH+M9+Gu56K0j9lJw3M+PKRegTkcrY/stOIvRUeonggxNrfBYLA5WOHL2j15KNJuTuld3x4o9w==
Package content hash validation failed for System.Runtime.Serialization.Primitives.4.3.0. Expected: Wz+0KOukJGAlXjtKr+5Xpuxf8+c8739RI1C+A2BoQZT+wMCCoMDDdO8/4IRHfaVINqL78GO8dW8G2lW/e45Mcw== Actual: 2Z5t70a2SwMsfQDp9KOclaZNyQhfIga2gppq9lIUDM1A4ohTshn4JqT7ir8bvIhXgorWKYDAr6rPzEbi/nTGKg==
Package content hash validation failed for System.Security.Cryptography.Csp.4.3.0. Expected: X4s/FCkEUnRGnwR3aSfVIkldBmtURMhmexALNTwpjklzxWU7yjMk7GHLKOZTNkgnWnE0q7+BCf9N2LVRWxewaA== Actual: yO2k5o+Z+DiFRBvvB9vdRRAGHi6bm02M9OWXfCqQ8K0UxD3Woc3svQheZfb7PoTEFs0kGacO0IzzMWsb6Mkeow==
Package content hash validation failed for System.Security.Cryptography.OpenSsl.4.3.0. Expected: h4CEgOgv5PKVF/HwaHzJRiVboL2THYCou97zpmhjghx5frc7fIvlkY1jL+lnIQyChrJDMNEXS6r7byGif8Cy4w== Actual: vOYy7Jv9KsG3ld2hLt0GoERd82SZi4BelrbXLwI9yFBYX7kpbvUCWYo4eyevk47cuJXZ9ZLVAryANcc7iY71aA==
Conceptually, I know they are happening because the content hashes my machine is putting in the lock file when I add/update packages are different than the build agent (windows-latest) is calculating. But why are they different?
How do I go about resolving this problem beyond c/p the hashes the build agent is looking for into the lock file? I currently have the latest VS 2019 Enterprise installed (16.5.5).
In addition, here is the yml file I'm using if it helps/
name: $(Date:yyyy.MMdd)$(Rev:.r)
trigger:
batch: true
branches:
include:
- deploy/ConfigurationAPI
paths:
include:
- server/functions/ConfigurationAPI/*
variables:
NUGET_PACKAGES: $(Pipeline.Workspace)/.nuget/packages
ArtifactName: BuildResult
AzureSubscription: StellaNovaAzureResources
FunctionName: stellanovaconfigurationapi
ResourceGroupName: Shared-ResourceGroup-WestUS
SlotName: deployment
stages:
- stage: Build
jobs:
- job: BuildApp
displayName: Build ConfigurationAPI
pool:
vmImage: 'windows-latest'
steps:
- task: Cache@2
displayName: Cache NuGet packages
inputs:
path: $(NUGET_PACKAGES)
key: 'nuget | "$(Agent.OS)" | **/packages.lock.json,!**/bin/**'
restoreKeys: nuget | "$(Agent.OS)"
cacheHitVar: CACHE_RESTORED
- task: DotNetCoreCLI@2
displayName: Restore NuGet packages
inputs:
command: restore
arguments: '--locked-mode --packages $(NUGET_PACKAGES)'
projects: 'server/functions/ConfigurationAPI/ConfigurationAPI.csproj'
- task: DotNetCoreCLI@2
displayName: Build Function
inputs:
command: publish
arguments: '--configuration Release --no-restore --output buildoutput'
projects: 'server/functions/ConfigurationAPI/ConfigurationAPI.csproj'
publishWebProjects: false
modifyOutputPath: false
zipAfterPublish: false
- task: PublishSymbols@2
displayName: Publish Symbols
inputs:
SearchPattern: '**/bin/**/*.pdb'
SymbolServerType: 'TeamServices'
SymbolsProduct: 'StellaNova.ConfigurationAPI'
DetailedLog: false
- task: ArchiveFiles@2
inputs:
rootFolderOrFile: '$(System.DefaultWorkingDirectory)/buildoutput'
includeRootFolder: false
archiveFile: '$(System.DefaultWorkingDirectory)/$(Build.BuildNumber).zip'
- publish: $(System.DefaultWorkingDirectory)/$(Build.BuildNumber).zip
artifact: $(ArtifactName)
- stage: Release
condition: ne(variables['Build.Reason'], 'PullRequest')
jobs:
- job: DeployApp
displayName: Deploy ConfigurationAPI
pool:
vmImage: 'windows-latest'
steps:
- download: current
artifact: BuildResult
- task: AzureFunctionApp@1
displayName: Deploy to slot
inputs:
azureSubscription: '$(AzureSubscription)'
resourceGroupName: '$(ResourceGroupName)'
appType: functionApp
appName: '$(FunctionName)'
deployToSlotOrASE: true
slotName: '$(SlotName)'
package: '$(Pipeline.Workspace)/$(ArtifactName)/$(Build.BuildNumber).zip'
appSettings: -RefreshSentinelKey RefreshSentinel -AppEnvironment DEV
Solution 1:[1]
This is because of different implementation of hash function on different OSes.
Please check out this proposed solution on GitHub.
You can also read about this in my blog. I decided to create lock json file on host agent publish it and checked in into source control. I know that this is a plenty of work. But I really want to have the same file not generated each time like it is presented in GitHub solution.
Solution 2:[2]
This can also happen when the source of the package is actually different. In my case it happened when switching from a local NuGet package source to one hosted in Azure DevOps. My local machine was still using the old source, while Azure DevOps builds were using the new source.
Removing the local source from Visual Studio and clearing the NuGet cache solved the issue (after checking in the newly generated packages.lock.json
files to source control).
Hope this helps someone in the future.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Krzysztof Madej |
Solution 2 | veuncent |