Re: sha512sum-error at debian-live-11.5.0-amd64-gnome.iso

To: debian-cd@lists.debian.org
Cc: Gerd.Muehlenbruch@posteo.de
Subject: Re: sha512sum-error at debian-live-11.5.0-amd64-gnome.iso
From: "Thomas Schmitt" <scdbackup@gmx.net>
Date: Mon, 03 Oct 2022 13:06:14 +0200
Message-id: <[🔎] 1690396355866270995@scdbackup.webframe.org>
In-reply-to: <[🔎] 76023fe2-2d6a-07c0-2ffc-50f5adeff380@posteo.de>
References: <[🔎] 76023fe2-2d6a-07c0-2ffc-50f5adeff380@posteo.de>

Hi,

Gerd Mühlenbruch wrote:
> Pfad="https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid";
> wget $Optionen $Pfad/debian-live-11.5.0-amd64-gnome.iso
>     sha512sum --ignore-missing -c SHA512SUMS
>     debian-live-11.5.0-amd64-gnome.iso: FEHLSCHLAG

I did

  wget https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-11.5.0-amd64-gnome.iso

and got redirected to

  https://laotzu.ftp.acc.umu.se/debian-cd/current-live/amd64/iso-hybrid/debian-live-11.5.0-amd64-gnome.iso
  Connecting to laotzu.ftp.acc.umu.se (laotzu.ftp.acc.umu.se)|2001:6b0:19::166|:443... connected.

The SHA512SUMS file came directly from

  https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/SHA512SUMS


The SHA512 of debian-live-11.5.0-amd64-gnome.iso is then

  450d09f1f1556effce4bc072ad395e45652aa40ed035b8ab35616c54fbef0c6edf803acb483ac25737b12bbae858277c1aa261eee36c4edf505a85c915d73c67

which matches the line in the SHA512SUMS file

  450d09f1f1556effce4bc072ad395e45652aa40ed035b8ab35616c54fbef0c6edf803acb483ac25737b12bbae858277c1aa261eee36c4edf505a85c915d73c67  debian-live-11.5.0-amd64-gnome.iso


So do you get a different SHA512 from your downloaded
debian-live-11.5.0-amd64-gnome.iso ?

Or does the downloaded SHA512SUMS file show a different SHA512 ?

---------------------------------------------------------------------------

>     gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur!
>     gpg:          Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört.
>     Haupt-Fingerabdruck  = DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B

The true safety check is not whether the signature is supported by a
chain of trust, but whether it yields one of the fingerprints which are
listed on

  https://www.debian.org/CD/verify

In your case it has the fingerprint of

  pub   rsa4096/DA87E80D6294BE9B 2011-01-05 [SC]
        Key fingerprint = DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B
  uid                  Debian CD signing key <debian-cd@lists.debian.org>

(Beware of alternative ways to express space characters when comparing
the strings automatically.)


Have a nice day :)

Thomas

Reply to:

Follow-Ups:
- Re: sha512sum-error at debian-live-11.5.0-amd64-gnome.iso
  - From: Gerd Mühlenbruch <Gerd.Muehlenbruch@posteo.de>

References:
- sha512sum-error at debian-live-11.5.0-amd64-gnome.iso
  - From: Gerd Mühlenbruch <Gerd.Muehlenbruch@posteo.de>

Prev by Date: Re: sha512sum-error at debian-live-11.5.0-amd64-gnome.iso
Next by Date: Sub: New mirror addition request for ~vern debian-cd mirror (https://mirror.vern.cc/debian-cd)
Previous by thread: Re: sha512sum-error at debian-live-11.5.0-amd64-gnome.iso
Next by thread: Re: sha512sum-error at debian-live-11.5.0-amd64-gnome.iso
Index(es):
- Date
- Thread