:: Re: [DNG] beowulf-security (armhf)
Author: Florian Zieboll
Date:  
CC: dng
Subject: Re: [DNG] beowulf-security (armhf)
On Mon, 21 Dec 2020 14:12:21 +0100
"dng@???" <dng@???> wrote:

> On 21-12-2020 13:50, Florian Zieboll via Dng wrote:
> > On Mon, 21 Dec 2020 11:49:47 +0100
> > "dng@???" <dng@???> wrote:
> >
> >> On 21-12-2020 11:41, Florian Zieboll via Dng wrote:
> >>> Hallo,
> >>>
> >>> since yesterday, on /one/ of my two 'armhf' SBCs running Beowulf,
> >>> updating the available packages from the 'beowulf-security' repo
> >>> at 'http://deb.devuan.org/merged/' fails with a hash sum mismatch:
> >>>
> >>>     E: Failed to fetch
> >>>     http://deb.devuan.org/merged/dists/beowulf-security/main/binary-armhf/Packages.gz
> >>>     Hash Sum mismatch Hashes of expected file:
> >>>         - Filesize:313442 [weak]
> >>>         -
> >>>     SHA256:8bb364c5751d0f71cec2b6f62e460430dc10255dbdaa04824f8b4f4bfdb4056d
> >>>     Hashes of received file:
> >>>         -
> >>>     SHA256:e88fc4cfd052a1eab057ff1c61fbaa31e00d926bd513e9f629a9def18492bcc9
> >>>         - Filesize:313442 [weak]
> >>>        Last modification reported: Mon, 21 Dec 2020 03:21:07 +0000
> >>>        Release file created at: Mon, 21 Dec 2020 03:30:03 +0000

> >>>
> >>> I tried to update using TLS, but then I get a cert error:
> >>>
> >>>     Err:4 https://deb.devuan.org/merged beowulf-security
> >>>     Release Certificate verification failed: The certificate is
> >>> NOT trusted. The name in the certificate does not match the
> >>> expected. Could not handshake: Error in the certificate
> >>> verification. [IP: 195.85.215.180 443]

> >>>
> >>> The served certificate had been issued for
> >>> 'devuan.packet-gain.de':
> >>>
> >>>     Serial Number
> >>>     03:BD:C3:B7:3A:5C:21:6F:C2:AE:E3:EE:7F:EB:25:C6:64:0B

> >>>
> >>>     SHA-256
> >>>     24:8E:31:3C:3D:41:98:FC:CC:33:5A:D1:5A:70:4E:43:84:19:FF:9E:7E:B9:51:D6:49:A2:95:86:A4:9B:7B:AB

> >>>
> >>>     SHA-1
> >>>     D9:91:FF:59:E0:0E:86:1C:81:57:C0:EF:C2:71:72:04:8C:33:D8:5E

> >>>
> >>> The same happens with 'http://pkgmaster.devuan.org/merged' - as
> >>> already mentioned only with one device, the other one updates
> >>> fine.
> >>>
> >>> Is there any spare light to be shed on this issue?
> >>>
> >>> Thanks and best regards,
> >>> Florian
> >>>
> >> You could try to use https://devuan.packet-gain.de temporarily
> >> instead of http://deb.devuan.org/merged/.
> >
> > Hallo Nick,
> >
> > thank you for the suggestion, but this solves the server certificate
> > problem only: The hash sum mismatch for the release file afterwards
> > remains. I suspect(ed, see below) a local issue on my side, as my
> > other armhf beowulf device with the identical 'beowulf-security'
> > line in the 'sources.list' updates (updated) fine.
> >
> > I tried with two suggestions from a websearch:
> >
> > After running
> >
> >     $ apt-get clean
> >     $ rm -rf /var/lib/apt/lists/*
> >     $ apt-get clean

> >
> > 'apt update' came up with a second hashsum mismatch, for the
> > 'beowulf/main' repository. Now I get
> >
> >     E: Failed to fetch
> > http://deb.devuan.org/merged/dists/beowulf/main/binary-armhf/Packages.gz
> > Hash Sum mismatch Hashes of expected file:
> >         - Filesize:10453353 [weak]
> >         -
> > SHA256:82e4bb0928025f1aa75bdb03eab02ff23c213531feb135a418f17c3c70e59e41
> > Hashes of received file:
> >         -
> > SHA256:80faa01ad41a6b626c699919112b8d5800db448f1237a5bdd3196f05b71a2f2d
> >         - Filesize:10453353 [weak]
> >        Last modification reported: Mon, 21 Dec 2020 03:21:00 +0000
> >        Release file created at: Mon, 21 Dec 2020 03:30:02 +0000
> >     E: Failed to fetch
> > http://deb.devuan.org/merged/dists/beowulf/main/Contents-armhf.gz
> > E: Failed to fetch
> > http://deb.devuan.org/merged/dists/beowulf-security/main/binary-armhf/Packages.gz
> > Hash Sum mismatch Hashes of expected file:
> >         - Filesize:313442 [weak]
> >         -
> > SHA256:8bb364c5751d0f71cec2b6f62e460430dc10255dbdaa04824f8b4f4bfdb4056d
> > Hashes of received file:
> >         -
> > SHA256:e88fc4cfd052a1eab057ff1c61fbaa31e00d926bd513e9f629a9def18492bcc9
> >         - Filesize:313442 [weak]
> >        Last modification reported: Mon, 21 Dec 2020 03:21:07 +0000
> >        Release file created at: Mon, 21 Dec 2020 03:30:03 +0000
> >     E: Failed to fetch
> > http://deb.devuan.org/merged/dists/beowulf-security/main/Contents-armhf.gz  

> >
> >
> > Running
> >
> >     $ apt-get -o Acquire::BrokenProxy="true" -o
> > Acquire::http::No-Cache="true" -o Acquire::http::Pipeline-Depth="0"
> > update

> >
> > did not result in any further changes, also after repeating the 'apt
> > clean' attempt. Therefore, with these two repos not available, the
> > upgrade wants to pull in all the packages from pinned (150)
> > backports.
> >
> >
> > In the meantime, my other 'armhf' device started to get hash sum
> > mismatches on update as well. For better visibility, I embezzle the
> > third error for 'beowulf-updates':
> >
> >     E: Failed to fetch
> > http://deb.devuan.org/merged/dists/beowulf/main/Contents-armhf.gz
> > Hash Sum mismatch Hashes of expected file:
> >         - Filesize:31984703 [weak]
> >         -
> > SHA256:b2c022ec6bfc1544e75a4c4619e525c4028fdee374ea5af5723cfe501d3986be
> > Hashes of received file:
> >         -
> > SHA256:1bf6ed78d1d42ff2742845e31eedd35a97e90657aea0779715a5ca0ba365bfd2
> >         - Filesize:31984703 [weak]
> >        Last modification reported: Sun, 20 Dec 2020 01:36:34 +0000
> >        Release file created at: Mon, 21 Dec 2020 03:30:02 +0000
> >     E: Failed to fetch
> > http://deb.devuan.org/merged/dists/beowulf-security/main/Contents-armhf.gz
> > Hash Sum mismatch Hashes of expected file:
> >         - Filesize:36 [weak]
> >         -
> > SHA256:77a4c02b866715c333d61d7f0968893bfccc4bd3f19dadf74178b0a722c05cf2
> > Hashes of received file:
> >         -
> > SHA256:8a54ddffbc409e34ac4c037acf36a6c2b6ac8a44a66ec798c37a097c9f341f9a
> >         - Filesize:36 [weak]
> >        Last modification reported: Sun, 20 Dec 2020 01:36:39 +0000
> >        Release file created at: Mon, 21 Dec 2020 03:30:03 +0000

> >
> >
> > Interestingly, both systems seem to expect different files
> > (regarding file size and hash), while on each system the 'expected'
> > and 'received' file sizes do concur with each other and the
> > rejected files' hashes do not change over several runs.
> >
> >
> > thanks and libre Grüße,
> > Florian
>
> Hallo Florian,
>
> Did you try with another mirror in your apt list? That worked for me
> some time ago. It could be that the official Contents-armhf.gz at
> deb.devuan.org is of a later date than the mirror used.
>
> Grtz
>
> Nick



Hallo Nick,

yes, I had tried with 'deb.devuan.org', 'packages.devuan.org' and just
now another time with 'pkgmaster.devuan.org', which all resolve to
different IP addresses. And 'devuan.packet-gain.de', but I guess that
one doesn't count, as it had been chosen by the 'roundr' at
'deb.devuan.org'.

Oh, and the armbian repo now started failing, too - with a file /size/
mismatch. But this error is not persistent, it shows up only every
third or fourth try:

    E: Failed to fetch https://armbian.hosthatch.com/apt/dists/buster/main/binary-armhf/Packages.gz File has unexpected size (646152 != 645022). Mirror sync in
    progress? [IP: 31.220.4.23 443]
       Hashes of expected file:
        - Filesize:645022 [weak]
        -
    SHA512:e9b50990aeb3dd9f4c608ee350f2ea3acfaba3bbd21c1cc6f7c78922fd6f907f98cb6e3bf150204a32457905f10cef668e9bfd51dbf7c16f1ff1ec7ce252a7b0
        -
    SHA256:4aa7297cdf610d0d64fea6959c9965e2edeac241d7ca9a15f978e9997cd37ac1
        - SHA1:a50b9b3eab88be5842801af7dd4211bbf5fc19c2 [weak]
        - MD5Sum:caf79173376defef63fe679386fd6eb3 [weak]
       Release file created at: Sat, 12 Dec 2020 15:07:27 +0000
    E: Failed to fetch
    https://armbian.systemonachip.net/apt/dists/buster/main/Contents-armhf  



So this probably happens on a networking layer...!? But why so consistently?


libre Grüße,
Florian
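
Added example, not part of the original message: a minimal Python version of the check apt performs on an index file, useful for comparing a manually downloaded Packages.gz against the Release file from the same mirror. It separates the "unexpected size" case seen on the armbian mirror from the same-size, different-hash case seen on the Devuan mirrors. The sample Release stanza and index bytes are constructed, the function names are hypothetical, and the Release file is assumed to have had its signature verified already.

```python
import hashlib

def parse_release_sha256(release_text):
    """Return {path: (size, sha256_hex)} from the 'SHA256:' section of a Release file."""
    entries, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            parts = line.split()          # " <digest> <size> <path>"
            if len(parts) == 3:
                entries[parts[2]] = (int(parts[1]), parts[0])
        else:
            in_section = False            # any other field ends the section
    return entries

def check_index(release_text, path, data):
    """Classify downloaded index bytes against the Release entry for `path`."""
    entries = parse_release_sha256(release_text)
    if path not in entries:
        return "not-listed"
    size, digest = entries[path]
    if len(data) != size:
        return "size-mismatch"            # e.g. mirror sync in progress, truncated transfer
    if hashlib.sha256(data).hexdigest() != digest:
        return "hash-mismatch"            # same length, different bytes
    return "ok"

# Constructed sample data (not taken from any real repository).
PATH = "main/binary-armhf/Packages"
GOOD = b"Package: example\nVersion: 1.0\nArchitecture: armhf\n"
RELEASE = (
    "Suite: constructed-sample\n"
    "SHA256:\n"
    f" {hashlib.sha256(GOOD).hexdigest()} {len(GOOD)} {PATH}\n"
    "SHA512:\n"
    f" {hashlib.sha512(GOOD).hexdigest()} {len(GOOD)} {PATH}\n"
)
SAME_SIZE = GOOD.replace(b"1.0", b"1.1")  # same length, altered content
TRUNCATED = GOOD[:-5]

if __name__ == "__main__":
    for name, blob in [("good", GOOD), ("same-size", SAME_SIZE), ("truncated", TRUNCATED)]:
        print(f"{name:10} {check_index(RELEASE, PATH, blob)}")
```

Running the same comparison on both affected machines, each with the Release file and index it actually received, shows whether the two devices disagree on the Release file or on the index bytes.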