Hi, Pier Antonio Corradini wrote: > 3D0BA303805111F651A88D96FC64867FFC678E43F3756F5F91B24A810D91015E459... > C:\Users\CP\Documents\Linux\Debian12.10.0\VersioneHTTP\SHA512SUMS.txt
I get 36bf1f16bc4b9795122b7b3542a32f34c3be0ef294ff3a8bf43232df6554b69b569fe15d93c79ee48a47902e1a6ad87ca9966988cd4bf9db684f7dd7eda7813a from sha512sum SHA512SUMS So your SHA512SUMS.txt has not the same as my SHA512SUMS download of yesterday. > 58B5434926A9E5F7BA27FA32CD19B4379658945646549D6ACD3EC9A9368FFFACDAC... > C:\Users\CP\Documents\Linux\Debian12.10.0\VersioneHTTP\SHA512SUMS.sign I get 0095bd988c97a7bd0400704ffd3d0fe64a33057b5eaed7530973fac4e039cc366bc5c144413cdb48a591fa5a5d9bd8240721d797964ca453b5981d90ed8e1a13 from sha512sum SHA512SUMS.sign So our respective files with name SHA512SUMS.sign differ by content, too. We now know that local processing, downloading or malicious activities altered the signature file and the SHA512SUMS file. Malice would have to be suspected if the listed checksums in your file SHA512SUMS.txt would differ from those in my downloaded copy. My downloaded SHA512SUMS file has this content: ----------------------------------------------------------------------- e0bd9ba03084a6fd42413b425a2d20e3731678a31fe5fb2cc84f79332129afca2ad4ec897b4224d6a833afaf28a5d938b0fe5d680983182944162c6825b135ce debian-12.7.0-amd64-netinst.iso 915ab697472fd9a25a6b7b5d4988ee659fed61cd6dc6cd990435971af5894fca82426f213913fd95cce04de8d10e0ee709023b677d02d5c48062208ff5ab3112 debian-edu-12.7.0-amd64-netinst.iso d9480c2d765f3b1ebe8e7d06b1cf6ecf30b95146d5c2036f20904957db6139a440f9f8e7f4f901da6a02f810f2b3ab660aea56d99778c647c62386a2082c9407 debian-mac-12.7.0-amd64-netinst.iso ----------------------------------------------------------------------- So what does your SHA512.txt say ? ======================================================================= Not of importance for the problem any more. Just for understanding: Pier Antonio Corradini wrote: > > > gpg: Firma effettuata 03/15/25 21:33:08 ora solare Europa occidentale > > > gpg: utilizzando la chiave RSA > > > DF9B9C49EAA9298432589D76DA87E80D6294BE9B I wrote: > > Did this second-step run succeed ? > > It seems that the decisive message line is missing. Pier Antonio Corradini wrote: > What message? Something like gpg: Firma BAD da "Debian CD signing key <debian...@lists.debian.org>" or gpg: Firma Good da "Debian CD signing key <debian...@lists.debian.org>" or whatever your gpg --verify says about matching signature. Whatever, we now know that the files SHA512SUMS.txt and SHA512SUMS.sign are altered, which explains why they do not match. ======================================================================= Have a nice day :) Thomas
