Summary

SHA1 Error prevents you to publish packages for Google Chrome or other commercially available software.

Symptoms

When attempting to publish a package, SVM  returns an error stating that it could not verify the SHA1 checksum of the package. As part of the error, you can see a download link pointing to the file location as being hosted by Flexera. Here is how the error looks like:

Cause

The problem is caching of old invalidated URLs which leads to incorrect download links presented in the SVMinterface.

Resolution

The error message contains a download URL, which is actually the newest download link hosted at Flexera. To solve the issue, copy the URL from the error message, then do the following:

• Begin creating a new SPS package
• At step 1 of SPS, enable 'Edit Package Content' checkbox
• At step 2, right-click on the existing link and select 'Edit'
• Replace the default download link with the one you've copied from the error message.
• Configure the rest of the package and publish it

Workaround

Another way of doing this is to use the copied download link to download the physical file locally to your system. Then, edit the new package that you would be creating similarly to the above example, but instead of Editing the download link - remove it entirely. 

Finally, use the 'Add Local File' button to browse to the file you downloaded and then import it to the SVM's SPS interface. Publish your package after you configure all other desired package settings.