On Mon, 2016-10-17 at 10:22 +0200, stakanov@freenet.de wrote:
Whenever I try to download the 32bit version of TW, at the end I finish up with a file of 3.91 GB and the warning that the SHA256 Checksum failed during meta4 download. When checking the checksum via CLI the GPG check turns out correct, the check with SHA256 gives error (14 lines not formatted correctly, one calculated checksum does NOT correspond. I tried to copy the checksum only and paste it in the "downthemall" plugin but it also gives wrong checksum.
The .sha256 file contains an embedded gpg signature; the sha tool itself does not know how to handle this, but the warning can be ignored (and is basically intentional)
Is this known? Is this a mirror problem? Or is the current image for 32 bit inadvertently broken?
As long as the sha256 sum of the ISO matches the one in the
corresponding .sha256 file AND the gpg signature of the .sha256 file
can be validated to come from openSUSE, you can be sure that all files
are properly downloaded.
To verify the gpg signature in the .sha256 file:
$ gpg --verify openSUSE-Tumbleweed-DVD-i586-Snapshot20161013-
Media.iso.sha256
gpg: Signature made Thu 13 Oct 2016 23:32:04 CEST
gpg: using RSA key B88B2FD43DBDC284
gpg: Good signature from "openSUSE Project Signing Key