[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: checksum fails on current openstack debian 9 image

On 23/04/20 9:02 pm, Marc-Antoine Bourgeot wrote:
> Hi everyone !
> 
> I just downloaded the latest openstack debian 9 image from a debian mirror using :
> https://cdimage.debian.org/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2
> 
> I also got the checksum and its signature :
> https://cdimage.debian.org/cdimage/openstack/current-9/SHA256SUMS
> https://cdimage.debian.org/cdimage/openstack/current-9/SHA256SUMS.sign 
> 
> 
> checksum's signature is good:
> 
> $ gpg --verify SHA256SUMS.sign
> gpg: assuming signed data in 'SHA256SUMS'
> gpg: Signature made dim. 29 mars 2020 16:40:45 CEST
> gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
> gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B
> 
> 
> but checksum fails :
> 
> $ sha256sum -c SHA256SUMS --ignore-missing
> debian-9-openstack-amd64.qcow2: FAILED
> sha256sum: WARNING: 1 computed checksum did NOT match
> sha256sum: SHA256SUMS: no file was verified
> 
> 
> I've try to download a new copy (from the same mirror) but it still fails. The mirror I use is https://caesar.ftp.acc.umu.se/cdimage/openstack/current-9
> 
> I couldn't manage to find another mirror to check if this copy only was altered, or all of them.
> 
> If anyone could verify that on its side and provide me a mirror that contain a valid image that would be awesome !

richard@zircon:~/temp$ wget
https://cdimage.debian.org/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2
--2020-04-23 22:00:19--
https://cdimage.debian.org/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2
Resolving cdimage.debian.org (cdimage.debian.org)... 2001:6b0:19::173,
2001:6b0:19::165, 194.71.11.173, ...
Connecting to cdimage.debian.org
(cdimage.debian.org)|2001:6b0:19::173|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location:
https://caesar.ftp.acc.umu.se/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2
[following]
--2020-04-23 22:00:21--
https://caesar.ftp.acc.umu.se/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2
Resolving caesar.ftp.acc.umu.se (caesar.ftp.acc.umu.se)...
2001:6b0:19::142, 194.71.11.142
Connecting to caesar.ftp.acc.umu.se
(caesar.ftp.acc.umu.se)|2001:6b0:19::142|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 591897088 (564M)
Saving to: ‘debian-9-openstack-amd64.qcow2’

debian-9-openstack- 100%[===================>] 564.48M  5.68MB/s    in
92s

2020-04-23 22:01:55 (6.16 MB/s) - ‘debian-9-openstack-amd64.qcow2’ saved
[591897088/591897088]

so from the same mirror.

richard@zircon:~/temp$ wget
https://cdimage.debian.org/cdimage/openstack/current-9/SHA256SUMS
--2020-04-23 22:01:26--
https://cdimage.debian.org/cdimage/openstack/current-9/SHA256SUMS
Resolving cdimage.debian.org (cdimage.debian.org)... 2001:6b0:19::165,
2001:6b0:19::173, 194.71.11.165, ...
Connecting to cdimage.debian.org
(cdimage.debian.org)|2001:6b0:19::165|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1010
Saving to: ‘SHA256SUMS’

SHA256SUMS          100%[===================>]    1010  --.-KB/s    in
0s

2020-04-23 22:01:27 (20.0 MB/s) - ‘SHA256SUMS’ saved [1010/1010]

richard@zircon:~/temp$ sha256sum -c SHA256SUMS --ignore-missing
debian-9-openstack-amd64.qcow2: OK

I didn't verify the signature (no public key?).

The checksum line is this:

c8bde8e267ea806a10ca04f05077bd83b804a376d7a60a9946bed65c540239a0
debian-9-openstack-amd64.qcow2

HTH,

Richard
Reply to: