:: Re: [DNG] beowulf-security (armhf)
トップ ページ
このメッセージを削除
このメッセージに返信
著者: Florian Zieboll
日付:  
To: dng
題目: Re: [DNG] beowulf-security (armhf)
On Mon, 21 Dec 2020 14:46:04 +0100
Florian Zieboll via Dng <dng@???> wrote:

> On Mon, 21 Dec 2020 14:12:21 +0100
> "dng@???" <dng@???> wrote:
>
> > On 21-12-2020 13:50, Florian Zieboll via Dng wrote:
> > > On Mon, 21 Dec 2020 11:49:47 +0100
> > > "dng@???" <dng@???> wrote:
> > >
> > >> On 21-12-2020 11:41, Florian Zieboll via Dng wrote:
> > >>> Hallo,
> > >>>
> > >>> since yesterday, on /one/ of my two 'armhf' SBCs running
> > >>> Beowulf, updating the available packages from the
> > >>> 'beowulf-security' repo at 'http://deb.devuan.org/merged/'
> > >>> fails with a hash sum mismatch:
> > >>>
> > >>>     E: Failed to fetch
> > >>>     http://deb.devuan.org/merged/dists/beowulf-security/main/binary-armhf/Packages.gz
> > >>>     Hash Sum mismatch Hashes of expected file:
> > >>>         - Filesize:313442 [weak]
> > >>>         -
> > >>>     SHA256:8bb364c5751d0f71cec2b6f62e460430dc10255dbdaa04824f8b4f4bfdb4056d
> > >>>     Hashes of received file:
> > >>>         -
> > >>>     SHA256:e88fc4cfd052a1eab057ff1c61fbaa31e00d926bd513e9f629a9def18492bcc9
> > >>>         - Filesize:313442 [weak]
> > >>>        Last modification reported: Mon, 21 Dec 2020 03:21:07
> > >>> +0000 Release file created at: Mon, 21 Dec 2020 03:30:03 +0000

> > >>>
> > >>> I tried to update using TLS, but then I get a cert error:
> > >>>
> > >>>     Err:4 https://deb.devuan.org/merged beowulf-security
> > >>>     Release Certificate verification failed: The certificate is
> > >>> NOT trusted. The name in the certificate does not match the
> > >>> expected. Could not handshake: Error in the certificate
> > >>> verification. [IP: 195.85.215.180 443]

> > >>>
> > >>> The served certificate had been issued for
> > >>> 'devuan.packet-gain.de':
> > >>>
> > >>>     Serial Number
> > >>>     03:BD:C3:B7:3A:5C:21:6F:C2:AE:E3:EE:7F:EB:25:C6:64:0B

> > >>>
> > >>>     SHA-256
> > >>>     24:8E:31:3C:3D:41:98:FC:CC:33:5A:D1:5A:70:4E:43:84:19:FF:9E:7E:B9:51:D6:49:A2:95:86:A4:9B:7B:AB

> > >>>
> > >>>     SHA-1
> > >>>     D9:91:FF:59:E0:0E:86:1C:81:57:C0:EF:C2:71:72:04:8C:33:D8:5E

> > >>>
> > >>> The same happens with 'http://pkgmaster.devuan.org/merged' - as
> > >>> already mentioned only with one device, the other one updates
> > >>> fine.
> > >>>
> > >>> Is there any spare light to be shed on this issue?
> > >>>
> > >>> Thanks and best regards,
> > >>> Florian
> > >>>
> > >> You could try to use https://devuan.packet-gain.de temporary
> > >> instead of http://deb.devuan.org/merged/.
> > >
> > > Hallo Nick,
> > >
> > > thank you for the suggestion, but this solves the server
> > > certificate problem only: The hash sum mismatch for the release
> > > file afterwards remains. I suspect(ed, see below) a local issue
> > > on my side, as my other armhf beowulf device with the identical
> > > 'beowulf-security' line in the 'sources.list' updates (updated)
> > > fine.
> > >
> > > I tried with two suggestions from a websearch:
> > >
> > > After running
> > >
> > >     $ apt-get clean
> > >     $ rm -rf /var/lib/apt/lists/*
> > >     $ apt-get clean

> > >
> > > 'apt update' came up with a second hashsum mismatch, for the
> > > 'beowulf/main' repository. Now I get
> > >
> > >     E: Failed to fetch
> > > http://deb.devuan.org/merged/dists/beowulf/main/binary-armhf/Packages.gz
> > > Hash Sum mismatch Hashes of expected file:
> > >         - Filesize:10453353 [weak]
> > >         -
> > > SHA256:82e4bb0928025f1aa75bdb03eab02ff23c213531feb135a418f17c3c70e59e41
> > > Hashes of received file:
> > >         -
> > > SHA256:80faa01ad41a6b626c699919112b8d5800db448f1237a5bdd3196f05b71a2f2d
> > >         - Filesize:10453353 [weak]
> > >        Last modification reported: Mon, 21 Dec 2020 03:21:00 +0000
> > >        Release file created at: Mon, 21 Dec 2020 03:30:02 +0000
> > >     E: Failed to fetch
> > > http://deb.devuan.org/merged/dists/beowulf/main/Contents-armhf.gz
> > > E: Failed to fetch
> > > http://deb.devuan.org/merged/dists/beowulf-security/main/binary-armhf/Packages.gz
> > > Hash Sum mismatch Hashes of expected file:
> > >         - Filesize:313442 [weak]
> > >         -
> > > SHA256:8bb364c5751d0f71cec2b6f62e460430dc10255dbdaa04824f8b4f4bfdb4056d
> > > Hashes of received file:
> > >         -
> > > SHA256:e88fc4cfd052a1eab057ff1c61fbaa31e00d926bd513e9f629a9def18492bcc9
> > >         - Filesize:313442 [weak]
> > >        Last modification reported: Mon, 21 Dec 2020 03:21:07 +0000
> > >        Release file created at: Mon, 21 Dec 2020 03:30:03 +0000
> > >     E: Failed to fetch
> > > http://deb.devuan.org/merged/dists/beowulf-security/main/Contents-armhf.gz  

> > >
> > >
> > > Running
> > >
> > >     $ apt-get -o Acquire::BrokenProxy="true" -o
> > > Acquire::http::No-Cache="true" -o
> > > Acquire::http::Pipeline-Depth="0" update

> > >
> > > did not result in any further changes, also after repeating the
> > > 'apt clean' attempt. Therefore, with these two repos not
> > > available, the upgrade wants to pull in all the packages from
> > > pinned (150) backports.
> > >
> > >
> > > In the meantime, my other 'armhf' device started to get hash sum
> > > mismatches on update as well. For better visibility, I embezzle
> > > the third error for 'beowulf-updates':
> > >
> > >     E: Failed to fetch
> > > http://deb.devuan.org/merged/dists/beowulf/main/Contents-armhf.gz
> > > Hash Sum mismatch Hashes of expected file:
> > >         - Filesize:31984703 [weak]
> > >         -
> > > SHA256:b2c022ec6bfc1544e75a4c4619e525c4028fdee374ea5af5723cfe501d3986be
> > > Hashes of received file:
> > >         -
> > > SHA256:1bf6ed78d1d42ff2742845e31eedd35a97e90657aea0779715a5ca0ba365bfd2
> > >         - Filesize:31984703 [weak]
> > >        Last modification reported: Sun, 20 Dec 2020 01:36:34 +0000
> > >        Release file created at: Mon, 21 Dec 2020 03:30:02 +0000
> > >     E: Failed to fetch
> > > http://deb.devuan.org/merged/dists/beowulf-security/main/Contents-armhf.gz
> > > Hash Sum mismatch Hashes of expected file:
> > >         - Filesize:36 [weak]
> > >         -
> > > SHA256:77a4c02b866715c333d61d7f0968893bfccc4bd3f19dadf74178b0a722c05cf2
> > > Hashes of received file:
> > >         -
> > > SHA256:8a54ddffbc409e34ac4c037acf36a6c2b6ac8a44a66ec798c37a097c9f341f9a
> > >         - Filesize:36 [weak]
> > >        Last modification reported: Sun, 20 Dec 2020 01:36:39 +0000
> > >        Release file created at: Mon, 21 Dec 2020 03:30:03 +0000

> > >
> > >
> > > Interestingly, both systems seem to expect different files
> > > (regarding file size and hash), while on each system the
> > > 'expected' and 'received' file sizes do concur with each other
> > > and the rejected files' hashes do not change over several runs.
> > >
> > >
> > > thanks and libre Grüße,
> > > Florian
> >
> > Hallo Florian,
> >
> > Did you try with another mirror in your apt list? That worked for me
> > some time ago. It could be that the official Contents-armhf.gz at
> > deb.devuan.org is of later date than used mirror.
> >
> > Grtz
> >
> > Nick
>
>
> Hallo Nick,
>
> yes, I had tried with 'deb.devuan.org', 'packages.devuan.org' and just
> now another time with 'pkgmaster.devuan.org', which all resolve to
> different IP addresses. And 'devuan.packet-gain.de', but I guess that
> one doesn't count, as it had been chosen by the 'roundr' at
> 'deb.devuan.org'.
>
> Oh, and the armbian repo now started failing, too - with a file /size/
> mismatch. But this error is not persistent, it shows up only every
> third or fourth try:
>
>     E: Failed to fetch
> https://armbian.hosthatch.com/apt/dists/buster/main/binary-armhf/Packages.gz
> File has unexpected size (646152 != 645022). Mirror sync in progress?
> [IP: 31.220.4.23 443] Hashes of expected file:
>         - Filesize:645022 [weak]
>         -
>     SHA512:e9b50990aeb3dd9f4c608ee350f2ea3acfaba3bbd21c1cc6f7c78922fd6f907f98cb6e3bf150204a32457905f10cef668e9bfd51dbf7c16f1ff1ec7ce252a7b0
>         -
>     SHA256:4aa7297cdf610d0d64fea6959c9965e2edeac241d7ca9a15f978e9997cd37ac1
>         - SHA1:a50b9b3eab88be5842801af7dd4211bbf5fc19c2 [weak]
>         - MD5Sum:caf79173376defef63fe679386fd6eb3 [weak]
>        Release file created at: Sat, 12 Dec 2020 15:07:27 +0000
>     E: Failed to fetch
>     https://armbian.systemonachip.net/apt/dists/buster/main/Contents-armhf  

>
>
> So this probably happens on a networking layer...!? But why so
> consistently?
>
>
> libre Grüße,
> Florian



Hallo Nick,

thanks for your support. I am not sure what had happened here, but
today in the morning I found the timeserver totally out of sync, as
ntpd didn't accept the '-g' option ("set to any value without
restriction") to work around the lacking onboard RTC anymore. After
switching to openntpd and a full 'apt upgrade' to backports, everything
is working fine again. Not what I had planned to do, it's OK for now.

libre Grüße,
Florian