On 21-12-2020 13:50, Florian Zieboll via Dng wrote:
> On Mon, 21 Dec 2020 11:49:47 +0100
> "dng@???" <dng@???> wrote:
>
>> On 21-12-2020 11:41, Florian Zieboll via Dng wrote:
>>> Hallo,
>>>
>>> since yesterday, on /one/ of my two 'armhf' SBCs running Beowulf,
>>> updating the available packages from the 'beowulf-security' repo at
>>> 'http://deb.devuan.org/merged/' fails with a hash sum mismatch:
>>>
>>> E: Failed to fetch
>>> http://deb.devuan.org/merged/dists/beowulf-security/main/binary-armhf/Packages.gz
>>> Hash Sum mismatch Hashes of expected file:
>>> - Filesize:313442 [weak]
>>> -
>>> SHA256:8bb364c5751d0f71cec2b6f62e460430dc10255dbdaa04824f8b4f4bfdb4056d
>>> Hashes of received file:
>>> -
>>> SHA256:e88fc4cfd052a1eab057ff1c61fbaa31e00d926bd513e9f629a9def18492bcc9
>>> - Filesize:313442 [weak]
>>> Last modification reported: Mon, 21 Dec 2020 03:21:07 +0000
>>> Release file created at: Mon, 21 Dec 2020 03:30:03 +0000
>>>
>>> I tried to update using TLS, but then I get a cert error:
>>>
>>> Err:4 https://deb.devuan.org/merged beowulf-security
>>> Release Certificate verification failed: The certificate is NOT
>>> trusted. The name in the certificate does not match the
>>> expected. Could not handshake: Error in the certificate
>>> verification. [IP: 195.85.215.180 443]
>>>
>>> The served certificate had been issued for 'devuan.packet-gain.de':
>>>
>>> Serial Number
>>> 03:BD:C3:B7:3A:5C:21:6F:C2:AE:E3:EE:7F:EB:25:C6:64:0B
>>>
>>> SHA-256
>>> 24:8E:31:3C:3D:41:98:FC:CC:33:5A:D1:5A:70:4E:43:84:19:FF:9E:7E:B9:51:D6:49:A2:95:86:A4:9B:7B:AB
>>>
>>> SHA-1
>>> D9:91:FF:59:E0:0E:86:1C:81:57:C0:EF:C2:71:72:04:8C:33:D8:5E
>>>
>>> The same happens with 'http://pkgmaster.devuan.org/merged' - as
>>> already mentioned only with one device, the other one updates fine.
>>>
>>> Is there any spare light to be shed on this issue?
>>>
>>> Thanks and best regards,
>>> Florian
>>>
>> You could try to use https://devuan.packet-gain.de temporary instead
>> of http://deb.devuan.org/merged/.
>
> Hallo Nick,
>
> thank you for the suggestion, but this solves the server certificate
> problem only: The hash sum mismatch for the release file afterwards
> remains. I suspect(ed, see below) a local issue on my side, as my other
> armhf beowulf device with the identical 'beowulf-security' line in the
> 'sources.list' updates (updated) fine.
>
> I tried with two suggestions from a websearch:
>
> After running
>
> $ apt-get clean
> $ rm -rf /var/lib/apt/lists/*
> $ apt-get clean
>
> 'apt update' came up with a second hashsum mismatch, for the
> 'beowulf/main' repository. Now I get
>
> E: Failed to fetch http://deb.devuan.org/merged/dists/beowulf/main/binary-armhf/Packages.gz Hash Sum mismatch
> Hashes of expected file:
> - Filesize:10453353 [weak]
> - SHA256:82e4bb0928025f1aa75bdb03eab02ff23c213531feb135a418f17c3c70e59e41
> Hashes of received file:
> - SHA256:80faa01ad41a6b626c699919112b8d5800db448f1237a5bdd3196f05b71a2f2d
> - Filesize:10453353 [weak]
> Last modification reported: Mon, 21 Dec 2020 03:21:00 +0000
> Release file created at: Mon, 21 Dec 2020 03:30:02 +0000
> E: Failed to fetch http://deb.devuan.org/merged/dists/beowulf/main/Contents-armhf.gz
> E: Failed to fetch http://deb.devuan.org/merged/dists/beowulf-security/main/binary-armhf/Packages.gz Hash Sum mismatch
> Hashes of expected file:
> - Filesize:313442 [weak]
> - SHA256:8bb364c5751d0f71cec2b6f62e460430dc10255dbdaa04824f8b4f4bfdb4056d
> Hashes of received file:
> - SHA256:e88fc4cfd052a1eab057ff1c61fbaa31e00d926bd513e9f629a9def18492bcc9
> - Filesize:313442 [weak]
> Last modification reported: Mon, 21 Dec 2020 03:21:07 +0000
> Release file created at: Mon, 21 Dec 2020 03:30:03 +0000
> E: Failed to fetch http://deb.devuan.org/merged/dists/beowulf-security/main/Contents-armhf.gz
>
>
> Running
>
> $ apt-get -o Acquire::BrokenProxy="true" -o Acquire::http::No-Cache="true" -o Acquire::http::Pipeline-Depth="0" update
>
> did not result in any further changes, also after repeating the 'apt
> clean' attempt. Therefore, with these two repos not available, the
> upgrade wants to pull in all the packages from pinned (150) backports.
>
>
> In the meantime, my other 'armhf' device started to get hash sum mismatches
> on update as well. For better visibility, I embezzle the third error for
> 'beowulf-updates':
>
> E: Failed to fetch http://deb.devuan.org/merged/dists/beowulf/main/Contents-armhf.gz Hash Sum mismatch
> Hashes of expected file:
> - Filesize:31984703 [weak]
> - SHA256:b2c022ec6bfc1544e75a4c4619e525c4028fdee374ea5af5723cfe501d3986be
> Hashes of received file:
> - SHA256:1bf6ed78d1d42ff2742845e31eedd35a97e90657aea0779715a5ca0ba365bfd2
> - Filesize:31984703 [weak]
> Last modification reported: Sun, 20 Dec 2020 01:36:34 +0000
> Release file created at: Mon, 21 Dec 2020 03:30:02 +0000
> E: Failed to fetch http://deb.devuan.org/merged/dists/beowulf-security/main/Contents-armhf.gz Hash Sum mismatch
> Hashes of expected file:
> - Filesize:36 [weak]
> - SHA256:77a4c02b866715c333d61d7f0968893bfccc4bd3f19dadf74178b0a722c05cf2
> Hashes of received file:
> - SHA256:8a54ddffbc409e34ac4c037acf36a6c2b6ac8a44a66ec798c37a097c9f341f9a
> - Filesize:36 [weak]
> Last modification reported: Sun, 20 Dec 2020 01:36:39 +0000
> Release file created at: Mon, 21 Dec 2020 03:30:03 +0000
>
>
> Interestingly, both systems seem to expect different files (regarding
> file size and hash), while on each system the 'expected' and 'received'
> file sizes do concur with each other and the rejected files' hashes do
> not change over several runs.
>
>
> thanks and libre Grüße,
> Florian
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Hallo Florian,
Did you try with another mirror in your apt list? That worked for me
some time ago. It could be that the official Contents-armhf.gz at
deb.devuan.org is of later date than used mirror.
Grtz
Nick