Different sha256 every download

For an private package inside a private taps, we simply want to download a .tar.gz which is hosted on a Bitbucket server.

We got the sha256 via the command line using

sha256sum foo.tar.gz

and pasted it into the Formulas sha256 attribute.

When trying to install the package (which only is some directories really), we get an mismatched SHA256 error.
Now what’s really confusing is that after removing the downloaded file in


and trying to install again we get the same error again, but with an different sha256 hash.

So it seems like the sha256 by the downloaded .tar.gz differs every download.

Also when trying

brew fetch foo --build-from-source

we get a different sha256 every single time?

That means the download is different every time. Are you trying to download artifacts or a git checkout?

I’m not exactly sure what you mean by git checkout or artifacts.

Inside the formula I’m providing the link to a .tar.gz that bitbucket gives me when navigating to the archive and copying the link adress of the ‘raw file’ link.
If I click on that link I get my browser’s download popup.

It seems like the link is just wrong. I don’t know how brew handles the provided URL, but if I try downloading the archive with cURL using the same link it downloads an .html page…

Not sure if this still belongs here then.

Artifacts would be files associated with a certain release, while a git checkout would just be a dump of the repo at a certain point. I think you need to be authenticated though if I see your latest edit. In which case there isn’t a lot I can do to help.