Differing JAR Checksums Between Modrinth and Curseforge #126
Comments
|
Now that is super interesting, my build scripts should be building the file once and uploading the same file to both platforms, as well as my maven, could you ease compare the files from here https://maven.blamejared.com/com/blamejared/clumps/ And see which site they match with, I'm wondering if some site is doing weird things they shouldn't be. |
|
Clumps-fabric-1.20.2-13.0.0.1 from blamejared: 0076C660C637DF05E6D1981764AA8BC6E85F9C95065850D417E513FA5CF2266E The included .sha256 files from your repository also match these values. It is worth noting that, out of 36 1.20.1 mods that I have checked for a server deployment, only three have been different between Modrinth and an alternate source, Clumps included. The alternate source is usually Curseforge, but sometimes GitHub if there is no corresponding Curseforge release. The other 33 mods compute the same checksum from both sites. |
|
Could you please provide the name of those three mods, I would like to take a look at their build systems and see if I can see anything that is similar in mine. I also compared a few files of other mods from curseforge and modrinth and have not found other cases of differing hashes. |
|
Clumps, moborigins-1.11.1.jar, and shulkerboxtooltip-fabric-4.0.4+1.20.1.jar. All Fabric versions, and I haven't gotten around to checking any other releases of these mods yet. MobOrigins is nearly identical, but many bytes throughout the JAR file are 0x4B on the Modrinth release and 0x5B on the CurseForge release. They seem to be only different in file headers, though I won't pretend to know exactly what they are for. The META-INF is also different, as expected. Shulker Box Tooltip has a very different JAR layout (again, inspected in a hex editor) and is also 2 bytes smaller in the Modrinth release (1215693 vs 1215695 bytes). |
|
Here are the SHA256 checksums for my copies of both of those mods: moborigins-1.11.1.jar Curseforge: shulkerboxtooltip-fabric-4.0.4+1.20.1.jar CurseForge: |
|
From the sounds of it, those files are suffering from different issues. I have bought this up with the modrinth team and hopefully we can figure out what is going on, my guess is that my build system is building a new jar file, sending it to curseforge / maven, and then building a new jar file with the exact same content but in a way that makes the hashes different and sending that jar file to modrinth. The jar files should be safe from any of those sites, however if you would like some peace of mind in the mean time while I work with modrinth to figure this out, you can always extract the jar files and compare the hash of each individual file to ensure that they are the same |
Both
Clumps-fabric-1.20.1-12.0.0.3.jarandClumps-fabric-1.20.2-13.0.0.1.jarhave identical JAR file sizes but different checksums between their Modrinth and Curseforge downloads. Inspecting the file in a hex editor shows pretty large differences. Could an explanation be provided?Checksums all calculated by
7-zip 19.00 (x64) 2019-02-21via Windows Context Menu option. All are SHA256.Clumps-fabric-1.20.1-12.0.0.3 from Curseforge:
DDB1062AC855E465C7C27C99668AA18F5C6087CA391B6754EEB959220CC4DCDEClumps-fabric-1.20.1-12.0.0.3 from Modrinth:
EBE1D60192183F120D6D572B6EBE6562892A2783BC5A7F28A599497E10523B7EClumps-fabric-1.20.2-13.0.0.1 from CurseForge:
0076C660C637DF05E6D1981764AA8BC6E85F9C95065850D417E513FA5CF2266EClumps-fabric-1.20.2-13.0.0.1 from Modrinth:
E64F7CF56B65AA551B033CEE4DFE26D659293933C3B25DFA2778B0E96366D717The text was updated successfully, but these errors were encountered: