BTS

Issue1348

Issues
Show Unassigned
Show Release Stoppers
Show Testing candidates
Show All
Search

Login




Register
Lost your login?

Help
Roundup docs

Title ISO file hash mismatch
Priority bug Status wont-fix
Superseder Nosy List hackan, mika
Assigned To mika Topics

Created on 2015-04-27.02:34:07 by hackan, last changed 2015-04-27.07:47:50 by mika.

Files
File name Uploaded Type Edit Remove
smime.p7s hackan, 2015-04-27.02:34:07 application/pkcs7-signature
unnamed hackan, 2015-04-27.02:34:07 text/html
Messages
msg4948 (view) Author: mika Date: 2015-04-27.07:47:50 
Hi,

the "Hash: SHA256" is coming from the GPG signature, it's unrelated to the
checksum of the sha1/sha256/md5sum (files).
There's nothing wrong in the setup, though it's unfortunate that GPG is adding
this Hash message, but AFAICS there's nothing we can do about it. Just don't let
yourself get confused by it. :)

regards,
-mika-
msg4947 (view) Author: hackan Date: 2015-04-27.02:34:07 
Hello!
I downloaded the ISO grml96-full_2014.11.iso from the torrent I got
here: https://grml.org/download/
(http://download.grml.org/grml96-full_2014.11.iso.torrent), and then
check the hash with the one found here:
http://download.grml.org/grml96-full_2014.11.iso.sha1.asc

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ea7204ed77fa3df3a4ed68e3b8e2ad6f95d5242d  grml96-full_2014.11.iso

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1

iQIcBAEBCAAGBQJUZyrIAAoJEJaoeHK36jc39VMP/Rtu+jR30Y4Rq4LSwO0q8fvR
P/j0ZGd9GcKzgNBMTh/s1Ea+e4g2VCGZSnXktdi/UYAPAjhGyNAeXQ3X2hzLLNaE
p9hu9BsGxJIIBkYBV45hPtmxXFl+POXFZMacW7nuIqZR2cbBxDbtJQXb4W6iK/Hg
kwknj9VHlVcU+pg3awUyQJVYPmv30w7CHgiFGG3+KstEYuG4gIRK5ICCu9zit+Rs
l8M5JPe6PxvOMthhV9yHWm9ue8RL1xFoKkQizuJ7Np16FqPbYOrtgmBl3+vOBl7o
u1tomtptRE7gZCdVNpwnF8g2RZZusNsXnfzsxR4SJ78KTU9ueoqQVCxWCvnFSzlV
udCT2sOFBGu8DAMlAJ5ZRRVb/VSARVWCMmn/OhXWFfhdAIEGNYw9DfBqwaKaj8k1
GRZbtfHnHL6EEHzGWboIDDg2qjEsEJwz9OQXOsvOqds7SiYRglknPy9wMl7O//WX
g8RkvihoHgYBGHaqxIVeZWAhY8+2y93ZCZyTM5WXvEdYua7X/e/nJyqSrTZXCr3M
tw3LgxUSzpejdh/mGosEMsY2HXAoE0ruDbB+jmWvGEPxPLQEaYFIjjyenPQtAt5T
jqlNGAX5oJ3wlMjmXOyylTYgiDHaMSCyFYPC0vpMLtAgsP6d9PwiM/+6/vvDgLkA
9bmmAI7yg/Rho9hRSlS+
=6L94

-----END PGP SIGNATURE-----

First I checked the signature, which was OK. Then I run sha256sum on my
file and got:

hackan@hc-vision-black:/mnt/Downloads/Downloads/0Utils/Linux/grml$ sha256sum grml96-full_2014.11.iso

d3330229a69f52ec00d6023fa3241bb43a29f5ebb29c7e518cdb3585ee9a0cae  grml96-full_2014.11.iso


which is different! this is either really bad or just a small mistake.
what happened?

EDIT:
crap, just as i was writing this, i realised that it was a SHA1 hash,
not a SHA256 one as the file says:

hackan@hc-vision-black:/mnt/Downloads/Downloads/0Utils/Linux/grml$ sha1sum grml96-full_2014.11.iso

ea7204ed77fa3df3a4ed68e3b8e2ad6f95d5242d  grml96-full_2014.11.iso


which is fine. however, the file should read Hash: SHA1 instead of SHA256


Regards,
-- 
/HacKan/, CEO *HacKan & CuBa Co.* http://www.hackan.com.ar
History
Date User Action Args
2015-04-27 07:47:50mikasetstatus: unread -> wont-fix
priority: bug
messages: + msg4948
nosy: + mika
assignedto: mika
2015-04-27 02:34:07hackancreate