cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

`NPM install` integrity check failure on Linux

integrity checksum failed when using sha1: wanted sha1-SdstUAFQuOSM8Wed69GwsB/wLx8= but got sha1-bocDAWWpWcjMh/14FCG4/eDNOZM=

That is the exact error I get.

That checksum is from my package-lock.json file

"appdynamics-zmq": {
"integrity": "sha1-SdstUAFQuOSM8Wed69GwsB/wLx8="
}

 

That chechsum was generated on OSX. BUT, it's a file. Its hash should be the same on any platform because it's the same file being downloaded.

 

From the NPM documentation (source: https://docs.npmjs.com/files/package-lock.json)

 

> For remote tarball sources this is an integrity based on a SHA512 of the file.

 

Therefore the only explaination that I can think of is that the appDynamics server is serving a different file to my Linux machine than it serves to my OSX machine...

 

12 REPLIES 12

Ray.Waldock
AppDynamics Team

Hi,

 

packages.appdynamics.com serves the file based on the provided user-agent string.

 

For additional information see: https://community.appdynamics.com/t5/Knowledge-Base/Advanced-NPM-Guide-for-the-AppDynamics-Node-js-A...

That would explain it. But then the issue is that the server doing that is incompatible with using a package-lock.json file and deploying on a different platform than the one that a developer develops on... The integrity check will fail every time...

Kyle.Furlong
AppDynamics Team (Retired)

Hi Marc,

 

That's correct, we currently do not support lockfiles with our install workflow, due to the nature of our native dependencies. One way to deploy AppD if you want to keep using lockfiles would be to install our package once globally for each instrumented machine. This would make the agent available to every app on the machine, without having to worry about whether you copied the right one over from dev/build.

 

Regards,

Kyle

Thanks,
Kyle Furlong, Technical Lead (C++ and Dynamic Languages)




Found something helpful? Click the Accept as Solution button to help others find answers faster.
Liked something? Click the Thumbs Up button.

Hi Kyle

 

I realise this is an old post, but this issue is causing us all sorts of problems.

 

We develop on Mac machines, have our CI running in Linux and Windows and deploy to Windows (Azure).

 

Our deployment relies on the package-lock.json file and the appdynamics dependencies are causing us a big headache.

 

Is there any way that you could do something similar to the Cylon project who have multi-platform precompiled dependencies? They have documented their process in a fair amount of detail and a resulting package is node-opencv 

 

Thank you!

 

Adam

Kyle.Furlong
AppDynamics Team (Retired)

Hi Adam,

 

Thanks for your interest in finding a solution. The package-lock file is definitely one that's been tricky since it came out, but one for which we've found multiple solutions.

 

I've skimmed through the Cylon.js post, and it looks like they do something very similar to what we provide, except they leverage node-pre-gyp to automate some of the bookkeeping. In essence both their solution and our solution provide pre-compiled binaries for your particular system by calculating your Node.js version, OS, and architecture, and downloading a pre-built binary at install time.

 

As I mentioned in the previous post, a lot of our customers are moving towards thinking about the appdynamics package as a service that is provided on a particular machine, not as an integral dependency in the package.json for a particular app. So the deployment process is about installing the agent globally on a target machine with npm install -g appdynamics. This avoids any package-lock issue, as well as ensuring you have the right binaries for the system. To make this work smoothly, we simply want to add an environment variable gatekeeper so that you can ensure not to call the instrumentation when the package isn't present:

 

if (process.env.APPD_ENABLED === 'true') {
  require('appdynamics').profile({
    ...
  });
}

What are your thoughts? We can explore other solutions in case this one is out of reach for any reason.

 

Regards,

Kyle

Thanks,
Kyle Furlong, Technical Lead (C++ and Dynamic Languages)




Found something helpful? Click the Accept as Solution button to help others find answers faster.
Liked something? Click the Thumbs Up button.

Hi Kyle,

Thanks for getting back so quickly.

I hadn’t thought of putting the appdynamics require behind an environment variable switch — that makes a lot more sense of making it a per-machine installation.

One issue that this leaves outstanding for me is the issue of keeping the appdynamics client versions in sync with the central server. If we upgrade our appdynamics central server, at what point will we need to update the appdynamics clients?

Thank again,

Adam

Kyle.Furlong
AppDynamics Team (Retired)

Well, so our central server (what we call the controller), typically offers backwards compatibility for agents. Meaning a 4.4.x controller will support any 4.4.x and previous agents. Also! With 4.5 we're relaxing the forward compatibility restriction. 4.5+ agents will now work with any 4.4.x controllers. I would expect this going foward as well.

 

Long story short, if you're already on a 4.4 controller, you can and should just use the latest Node.js package.

Thanks,
Kyle Furlong, Technical Lead (C++ and Dynamic Languages)




Found something helpful? Click the Accept as Solution button to help others find answers faster.
Liked something? Click the Thumbs Up button.

Excellent news. Thank you very much!

Kyle.Furlong
AppDynamics Team (Retired)

No problem! Don't hesitate to reach out again in case you need anything.

Thanks,
Kyle Furlong, Technical Lead (C++ and Dynamic Languages)




Found something helpful? Click the Accept as Solution button to help others find answers faster.
Liked something? Click the Thumbs Up button.