Checksum mismatch error when uploading a snap to the store

2.34 is quite an old version of snapcraft, is this reproducible with snapcraft 2.40 (snap install snapcraft)?

Can you share either your snapcraft.yaml or your .snap?

afaik indeed snapcraft started passing all the relevant options to mksquashfs only since 2.38

it seems the squashfs might carry information about how it was built (flags used), so we could check them and also tell in the error that a too old snapcraft or something was used:

$ unsquashfs -s /var/lib/snapd/snaps/core_4443.snap
Found a valid SQUASHFS 4:0 superblock on /var/lib/snapd/snaps/core_4443.snap.
Creation or last append time Wed Apr 11 17:24:03 2018
Filesystem size 88629.63 Kbytes (86.55 Mbytes)
Compression xz
Block size 131072
Filesystem is exportable via NFS
Inodes are compressed
Data is compressed
Fragments are not stored
Xattrs are not stored
Duplicates are removed
Number of fragments 0
Number of inodes 12819
Number of ids 19

I didn't investigate properly but I think "Fragments are not stored" might relate to the required -no-fragments options.

Hey Adam. If old versions of snapcraft are not going to be accepted, can the store parse the snapcraft version out of the push request [1] and reply with a suitable error message? Something like:

Sorry, the version of snapcraft used to create this snap was too old. Please refresh your installation of snapcraft and re-create the snap.

1: https://github.com/snapcore/snapcraft/blob/40aec20bf672056c86f963a5aad4a2409e4c90b4/snapcraft/storeapi/_agent.py#L34

Please upgrade to the latest snapcraft and rebuild (2.34 is too old). I can adjust the review-tools for the error.

Updated the snapcraft to 2.40 and it works fine now. Thank you all for troubleshooting.

FYI, I've just committed (r1024) a short-circuit test to detect if fragments are not used:

$ PYTHONPATH=./ ./bin/click-review ./tests/test-no-fragments_4.snap
Errors
------
 - security-snap-v2:squashfs_fragments
 The squashfs was built without '-no-fragments'. If using snapcraft, please upgrade to at least 2.38 and rebuild. Otherwise, please ensure the snap is built using 'mksquashfs <dir> <snap> -noappend -comp xz -all-root -no-xattrs -no-fragments'
./tests/test-no-fragments_4.snap: FAIL
[2]

and if the resquash fails for some other reason:
$ PYTHONPATH=./ ./bin/click-review ./tests/test-void-dir_0.1_all.snap
Errors
------
 - security-snap-v2:squashfs_repack_checksum
 checksums do not match. Please ensure the snap is created with either 'snapcraft pack <DIR>' (using snapcraft >= 2.38) or 'mksquashfs <dir> <snap> -noappend -comp xz -all-root -no-xattrs -no-fragments'
./tests/test-void-dir_0.1_all.snap: FAIL
[2]

FYI, while the newer version of the review tools is finding its way to production, I've created the following forum topic: https://forum.snapcraft.io/t/automated-reviews-and-snapcraft-2-38/4982

I'm getting those errors with automated builds of the chromium snap, which are performed by launchpad, and according to the logs it is using snapcraft 2.40 (see e.g. https://code.launchpad.net/~chromium-team/+snap/chromium-snap-stable/+build/193033).

@Olivier, your issue is that chromium has a setuid chrome-sandbox. This can't resquash without fakeroot or similar. r1022 will allow chromium to pass automated review, but the store only has r1021.