Re: sha512sum-error at debian-live-11.5.0-amd64-gnome.iso

To: Thomas Schmitt <scdbackup@gmx.net>, debian-cd@lists.debian.org, kibi@debian.org
Subject: Re: sha512sum-error at debian-live-11.5.0-amd64-gnome.iso
From: Gerd Mühlenbruch <Gerd.Muehlenbruch@posteo.de>
Date: Mon, 3 Oct 2022 18:28:08 +0000
Message-id: <[🔎] 031af58f-d5be-3be7-4d44-5f8e72adf2b9@posteo.de>
In-reply-to: <[🔎] 1690396355866270995@scdbackup.webframe.org>
References: <[🔎] 76023fe2-2d6a-07c0-2ffc-50f5adeff380@posteo.de> <[🔎] 1690396355866270995@scdbackup.webframe.org>

Hi,

I think I found the reason.

While copying the logfile I remembered that I used wget twice with"-c" option. After downloading the first bytes, I remembered, that my batchterminal will close automatically. So I stopped my batch and started itagain in a terminal. Now "weg -c" continued to download the file.


I downloaded the file again at once and now the test works fine.

Many thanks

Gerd Mühlenbruch

 Just for information:

"cmp" showed a difference in size:

cmp debian-live-11.5.0-amd64-gnome.isoErr-debian-live-11.5.0-amd64-gnome.iso cmp: EOF on debian-live-11.5.0-amd64-gnome.iso after byte2910683136, in line 11367081

"ls" told the same:

-rw-r--r-- 1 ghdm ghdm 2911003302 Sep 10 13:49Err-debian-live-11.5.0-amd64-gnome.iso-rw-r--r-- 1 ghdm ghdm 2910683136 Sep 10 13:49debian-live-11.5.0-amd64-gnome.iso

Nevertheless I added LANG=C and run the pure test on the first iso filejust for translation.

===================================================================
gpg: Signature made Sun Sep 11 01:00:38 2022 CEST
gpg:                using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B

gpg: Good signature from "Debian CD signing key<debian-cd@lists.debian.org>" [unknown]

gpg: WARNING: This key is not certified with a trusted signature!

gpg: There is no indication that the signature belongs to theowner.

Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B
===================================================================

===
debian-live-11.5.0-amd64-gnome.iso: FAILED
debian-live-11.5.0-amd64-gnome.log: OK
debian-live-11.5.0-amd64-gnome.packages: OK
sha512sum: WARNING: 1 computed checksum did NOT match
===================================================================
debian-live-11.5.0-amd64-gnome.iso: FAILED
debian-live-11.5.0-amd64-gnome.log: OK
debian-live-11.5.0-amd64-gnome.packages: OK
sha256sum: WARNING: 1 computed checksum did NOT match
===================================================================


On 03.10.22 13:06, Thomas Schmitt wrote:

Hi,

Gerd Mühlenbruch wrote:

Pfad="https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid";
wget $Optionen $Pfad/debian-live-11.5.0-amd64-gnome.iso
     sha512sum --ignore-missing -c SHA512SUMS
     debian-live-11.5.0-amd64-gnome.iso: FEHLSCHLAG

I did

   wget https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-11.5.0-amd64-gnome.iso

and got redirected to

   https://laotzu.ftp.acc.umu.se/debian-cd/current-live/amd64/iso-hybrid/debian-live-11.5.0-amd64-gnome.iso
   Connecting to laotzu.ftp.acc.umu.se (laotzu.ftp.acc.umu.se)|2001:6b0:19::166|:443... connected.

The SHA512SUMS file came directly from

   https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/SHA512SUMS


The SHA512 of debian-live-11.5.0-amd64-gnome.iso is then

   450d09f1f1556effce4bc072ad395e45652aa40ed035b8ab35616c54fbef0c6edf803acb483ac25737b12bbae858277c1aa261eee36c4edf505a85c915d73c67

which matches the line in the SHA512SUMS file

   450d09f1f1556effce4bc072ad395e45652aa40ed035b8ab35616c54fbef0c6edf803acb483ac25737b12bbae858277c1aa261eee36c4edf505a85c915d73c67  debian-live-11.5.0-amd64-gnome.iso


So do you get a different SHA512 from your downloaded
debian-live-11.5.0-amd64-gnome.iso ?

Or does the downloaded SHA512SUMS file show a different SHA512 ?

---------------------------------------------------------------------------

     gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur!
     gpg:          Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört.
     Haupt-Fingerabdruck  = DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B

The true safety check is not whether the signature is supported by a
chain of trust, but whether it yields one of the fingerprints which are
listed on

   https://www.debian.org/CD/verify

In your case it has the fingerprint of

   pub   rsa4096/DA87E80D6294BE9B 2011-01-05 [SC]
         Key fingerprint = DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B
   uid                  Debian CD signing key <debian-cd@lists.debian.org>

(Beware of alternative ways to express space characters when comparing
the strings automatically.)


Have a nice day :)

Thomas

Reply to:

Follow-Ups:
- Re: sha512sum-error at debian-live-11.5.0-amd64-gnome.iso
  - From: "Thomas Schmitt" <scdbackup@gmx.net>

References:
- sha512sum-error at debian-live-11.5.0-amd64-gnome.iso
  - From: Gerd Mühlenbruch <Gerd.Muehlenbruch@posteo.de>
- Re: sha512sum-error at debian-live-11.5.0-amd64-gnome.iso
  - From: "Thomas Schmitt" <scdbackup@gmx.net>

Prev by Date: Sub: New mirror addition request for ~vern debian-cd mirror (https://mirror.vern.cc/debian-cd)
Next by Date: Re: sha512sum-error at debian-live-11.5.0-amd64-gnome.iso
Previous by thread: Re: sha512sum-error at debian-live-11.5.0-amd64-gnome.iso
Next by thread: Re: sha512sum-error at debian-live-11.5.0-amd64-gnome.iso
Index(es):
- Date
- Thread