Re: sha512sum-error at debian-live-11.5.0-amd64-gnome.iso

[Cyril Brulebois <kibi@debian.org>]

Hallo Gerd,

Please set something like LC_ALL=C, not everybody understands German. :)

Gerd Mühlenbruch <Gerd.Muehlenbruch@posteo.de> (2022-10-03):
> Today I downloaded the present debian-live-11.5.0-amd64-gnome.iso via my
> prepared script
> *********
> Optionen="-c -nv --show-progress --limit-rate=800k -a Ziele.log"
> Pfad="https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid";
> wget $Optionen $Pfad/debian-live-11.5.0-amd64-gnome.iso
> wget $Optionen $Pfad/debian-live-11.5.0-amd64-gnome.log
> wget $Optionen $Pfad/debian-live-11.5.0-amd64-gnome.packages
> rm SHA512SUMS
> rm SHA512SUMS.sign
> wget $Optionen $Pfad/SHA512SUMS
> wget $Optionen $Pfad/SHA512SUMS.sign
> *********
> 
> The final check
>     sha512sum --ignore-missing -c SHA512SUMS
> resulted into
>     debian-live-11.5.0-amd64-gnome.iso: FEHLSCHLAG
>     debian-live-11.5.0-amd64-gnome.log: OK
>     debian-live-11.5.0-amd64-gnome.packages: OK
>     sha512sum: WARNUNG: 1 berechnete Prüfsumme passte NICHT
> It was my first failed check.

I downloaded the same ISO, and SHA{256,512}SUMS with Firefox, and both
validate.

For the record, that's what I'm seeing:

    3efed2698da7fab0218a505eb504410d4cd9c7bc09478483bdbb3c593013b371  debian-live-11.5.0-amd64-gnome.iso
    450d09f1f1556effce4bc072ad395e45652aa40ed035b8ab35616c54fbef0c6edf803acb483ac25737b12bbae858277c1aa261eee36c4edf505a85c915d73c67  debian-live-11.5.0-amd64-gnome.iso

> Already since some years, the check
>     gpg --keyserver keyring.debian.org --verify SHA512SUMS.sign SHA512SUMS
> reports that the key doesn't have a trusted signature
>     gpg: Signatur vom So 11 Sep 2022 01:00:38 CEST
>     gpg:                mittels RSA-Schlüssel
> DF9B9C49EAA9298432589D76DA87E80D6294BE9B
>     gpg: Korrekte Signatur von "Debian CD signing key
> <debian-cd@lists.debian.org>" [unbekannt]
>     gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur!
>     gpg:          Es gibt keinen Hinweis, daß die Signatur wirklich dem
> vorgeblichen Besitzer gehört.
>     Haupt-Fingerabdruck  = DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294
> BE9B
> This may be my own problem, because I haven't got a book to learn gpg.

The English version:

    $ gpg --keyserver keyring.debian.org --verify SHA512SUMS.sign SHA512SUMS
    gpg: Signature made Sun 11 Sep 2022 01:00:38 CEST
    gpg:                using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
    gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B

The important part is that the signature is correct. The warning is
about your not having set a level of trust for the signing key. That's
not a problem.


Cheers,
-- 
Cyril Brulebois (kibi@debian.org)            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

Attachment: signature.asc
Description: PGP signature