Skip to content

openSUSE 15: Incorrect checksums for netstandard-targeting-pack #4050

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ghost opened this issue Dec 27, 2019 · 3 comments
Closed

openSUSE 15: Incorrect checksums for netstandard-targeting-pack #4050

ghost opened this issue Dec 27, 2019 · 3 comments
Labels
area-setup Issues related to installing .NET Core

Comments

@ghost
Copy link

ghost commented Dec 27, 2019

openSUSE 15: Incorrect checksums for netstandard-targeting-pack

same as #3867 / #3853

in #3853 openSUSE is mentioned, but the issue was not resolved, at least not in repository https://packages.microsoft.com/opensuse/15/prod/

when trying to install dotnetcore SDK (openSUSE 15.1 using YaST), following error occurs:

The expected checksum of file /var/tmp/AP_0xdKLXst/netstandard-targeting-pack-2.1.0-x64.rpm
is 45e199caf1151a750d11d9c5c7669d6e23d8dbb33da54d1d90bde55745996480,
but the current checksum is fa194a8c12913dcec85c8d24bfc91686a7b93128b4c05346df16e2c641e2ba41.
@dagood
Copy link
Member

dagood commented Jan 6, 2020

Thanks for filing, this repros for me too.

When I run this on an openSUSE Leap 15.1 Docker container, the error looks like this, and unblocking using the fa19 option (to confirm installing the bad fa19 checksum) lets me continue. That should be OK as a workaround for now:

Warning: Digest verification failed for file 'netstandard-targeting-pack-2.1.0-x64.rpm'
[/var/tmp/AP_0xRcp0hk/netstandard-targeting-pack-2.1.0-x64.rpm]

  expected 45e199caf1151a750d11d9c5c7669d6e23d8dbb33da54d1d90bde55745996480
  but got  fa194a8c12913dcec85c8d24bfc91686a7b93128b4c05346df16e2c641e2ba41

Accepting packages with wrong checksums can lead to a corrupted system and in extreme cases even to a system compromise.

However if you made certain that the file with checksum 'fa19..' is secure, correct
and should be used within this operation, enter the first 4 characters of the checksum
to unblock using this file on your own risk. Empty input will discard the file.

Unblock or discard? [fa19/...? shows all options] (discard):

Another workaround is to install the RPM directly via URL to avoid the checksum validation:

$ sudo yum install -y https://packages.microsoft.com/opensuse/15/prod/netstandard-targeting-pack-2.1.0-x64.rpm

I'll try to (internally) find the right person to fix this and report back.

@dagood dagood added the area-setup Issues related to installing .NET Core label Jan 6, 2020
@dagood
Copy link
Member

dagood commented Jan 7, 2020

We ran the fix on this package (delete + reupload to refresh the expected checksum). Unfortunately, it caused a more general problem with the openSUSE 15 repo, which I've filed #4085 to track. When I bypass that issue, the checksum is fine, so I'm closing this issue as resolved.

@dagood dagood closed this as completed Jan 7, 2020
@ghost
Copy link
Author

ghost commented Jan 7, 2020

thanks @dagood !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-setup Issues related to installing .NET Core
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dagood