Re: checksum fails on current openstack debian 9 image
On 23/04/20 9:02 pm, Marc-Antoine Bourgeot wrote:
> Hi everyone !
>
> I just downloaded the latest openstack debian 9 image from a debian mirror using :
> https://cdimage.debian.org/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2
>
> I also got the checksum and its signature :
> https://cdimage.debian.org/cdimage/openstack/current-9/SHA256SUMS
> https://cdimage.debian.org/cdimage/openstack/current-9/SHA256SUMS.sign
>
>
> checksum's signature is good:
>
> $ gpg --verify SHA256SUMS.sign
> gpg: assuming signed data in 'SHA256SUMS'
> gpg: Signature made dim. 29 mars 2020 16:40:45 CEST
> gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
> gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B
>
>
> but checksum fails :
>
> $ sha256sum -c SHA256SUMS --ignore-missing
> debian-9-openstack-amd64.qcow2: FAILED
> sha256sum: WARNING: 1 computed checksum did NOT match
> sha256sum: SHA256SUMS: no file was verified
>
>
> I've try to download a new copy (from the same mirror) but it still fails. The mirror I use is https://caesar.ftp.acc.umu.se/cdimage/openstack/current-9
>
> I couldn't manage to find another mirror to check if this copy only was altered, or all of them.
>
> If anyone could verify that on its side and provide me a mirror that contain a valid image that would be awesome !
richard@zircon:~/temp$ wget
https://cdimage.debian.org/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2
--2020-04-23 22:00:19--
https://cdimage.debian.org/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2
Resolving cdimage.debian.org (cdimage.debian.org)... 2001:6b0:19::173,
2001:6b0:19::165, 194.71.11.173, ...
Connecting to cdimage.debian.org
(cdimage.debian.org)|2001:6b0:19::173|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location:
https://caesar.ftp.acc.umu.se/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2
[following]
--2020-04-23 22:00:21--
https://caesar.ftp.acc.umu.se/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2
Resolving caesar.ftp.acc.umu.se (caesar.ftp.acc.umu.se)...
2001:6b0:19::142, 194.71.11.142
Connecting to caesar.ftp.acc.umu.se
(caesar.ftp.acc.umu.se)|2001:6b0:19::142|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 591897088 (564M)
Saving to: ‘debian-9-openstack-amd64.qcow2’
debian-9-openstack- 100%[===================>] 564.48M 5.68MB/s in
92s
2020-04-23 22:01:55 (6.16 MB/s) - ‘debian-9-openstack-amd64.qcow2’ saved
[591897088/591897088]
so from the same mirror.
richard@zircon:~/temp$ wget
https://cdimage.debian.org/cdimage/openstack/current-9/SHA256SUMS
--2020-04-23 22:01:26--
https://cdimage.debian.org/cdimage/openstack/current-9/SHA256SUMS
Resolving cdimage.debian.org (cdimage.debian.org)... 2001:6b0:19::165,
2001:6b0:19::173, 194.71.11.165, ...
Connecting to cdimage.debian.org
(cdimage.debian.org)|2001:6b0:19::165|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1010
Saving to: ‘SHA256SUMS’
SHA256SUMS 100%[===================>] 1010 --.-KB/s in
0s
2020-04-23 22:01:27 (20.0 MB/s) - ‘SHA256SUMS’ saved [1010/1010]
richard@zircon:~/temp$ sha256sum -c SHA256SUMS --ignore-missing
debian-9-openstack-amd64.qcow2: OK
I didn't verify the signature (no public key?).
The checksum line is this:
c8bde8e267ea806a10ca04f05077bd83b804a376d7a60a9946bed65c540239a0
debian-9-openstack-amd64.qcow2
HTH,
Richard
Reply to: