On 23/04/20 9:02 pm, Marc-Antoine Bourgeot wrote: > Hi everyone ! > > I just downloaded the latest openstack debian 9 image from a debian mirror > using : > https://cdimage.debian.org/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2 > > I also got the checksum and its signature : > https://cdimage.debian.org/cdimage/openstack/current-9/SHA256SUMS > https://cdimage.debian.org/cdimage/openstack/current-9/SHA256SUMS.sign > > > checksum's signature is good: > > $ gpg --verify SHA256SUMS.sign > gpg: assuming signed data in 'SHA256SUMS' > gpg: Signature made dim. 29 mars 2020 16:40:45 CEST > gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B > gpg: Good signature from "Debian CD signing key <debian...@lists.debian.org>" > [unknown] > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B > > > but checksum fails : > > $ sha256sum -c SHA256SUMS --ignore-missing > debian-9-openstack-amd64.qcow2: FAILED > sha256sum: WARNING: 1 computed checksum did NOT match > sha256sum: SHA256SUMS: no file was verified > > > I've try to download a new copy (from the same mirror) but it still fails. > The mirror I use is https://caesar.ftp.acc.umu.se/cdimage/openstack/current-9 > > I couldn't manage to find another mirror to check if this copy only was > altered, or all of them. > > If anyone could verify that on its side and provide me a mirror that contain > a valid image that would be awesome !
richard@zircon:~/temp$ wget https://cdimage.debian.org/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2 --2020-04-23 22:00:19-- https://cdimage.debian.org/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2 Resolving cdimage.debian.org (cdimage.debian.org)... 2001:6b0:19::173, 2001:6b0:19::165, 194.71.11.173, ... Connecting to cdimage.debian.org (cdimage.debian.org)|2001:6b0:19::173|:443... connected. HTTP request sent, awaiting response... 302 Found Location: https://caesar.ftp.acc.umu.se/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2 [following] --2020-04-23 22:00:21-- https://caesar.ftp.acc.umu.se/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2 Resolving caesar.ftp.acc.umu.se (caesar.ftp.acc.umu.se)... 2001:6b0:19::142, 194.71.11.142 Connecting to caesar.ftp.acc.umu.se (caesar.ftp.acc.umu.se)|2001:6b0:19::142|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 591897088 (564M) Saving to: ‘debian-9-openstack-amd64.qcow2’ debian-9-openstack- 100%[===================>] 564.48M 5.68MB/s in 92s 2020-04-23 22:01:55 (6.16 MB/s) - ‘debian-9-openstack-amd64.qcow2’ saved [591897088/591897088] so from the same mirror. richard@zircon:~/temp$ wget https://cdimage.debian.org/cdimage/openstack/current-9/SHA256SUMS --2020-04-23 22:01:26-- https://cdimage.debian.org/cdimage/openstack/current-9/SHA256SUMS Resolving cdimage.debian.org (cdimage.debian.org)... 2001:6b0:19::165, 2001:6b0:19::173, 194.71.11.165, ... Connecting to cdimage.debian.org (cdimage.debian.org)|2001:6b0:19::165|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 1010 Saving to: ‘SHA256SUMS’ SHA256SUMS 100%[===================>] 1010 --.-KB/s in 0s 2020-04-23 22:01:27 (20.0 MB/s) - ‘SHA256SUMS’ saved [1010/1010] richard@zircon:~/temp$ sha256sum -c SHA256SUMS --ignore-missing debian-9-openstack-amd64.qcow2: OK I didn't verify the signature (no public key?). The checksum line is this: c8bde8e267ea806a10ca04f05077bd83b804a376d7a60a9946bed65c540239a0 debian-9-openstack-amd64.qcow2 HTH, Richard
