Bug ID 953927
Summary provide sha256sum instructions on download page (or link to them)
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.1
Hardware All
OS All
Status NEW
Severity Normal
Priority P5 - None
Component Release Notes
Assignee ke@suse.com
Reporter jimmy@boombatower.com
QA Contact coolo@suse.com
Found By ---
Blocker --- 

User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/47.0.2526.49 Safari/537.36
Build Identifier: 

The instructions for checking the iso against the checksum should be easily
accessible from the download page (https://software.opensuse.org/421/en). This
applies to all releases (or at least Leap and Tumbleweed).

a) sha256sum is not defaultly available?
b) should not have to figure out command

Something along the lines of (for openSUSE users looking to upgrade):

zypper in coreutils
cd /dir/with/iso (maybe even reference shortcut from dolphin [shift + F4])
sha256sum --check openSUSE-Leap-42.1-DVD-x86_64.iso.sha256

and example output:

openSUSE-Leap-42.1-DVD-x86_64.iso: OK
sha256sum: WARNING: 15 lines are improperly formatted

So users know what to expect.
Additionally it seems the gpg signature causes the warning which as you can see
from the conversation may be concerning to users since it says "WARNING" in all
caps. Not sure if there is a simple fix to make sha256sum ignore the gpg
signature, otherwise perhaps a grep/sed/etc command piped to remove the
signature before usage.

Perhaps the best option is to simply link to a wiki page (perhaps it exists)
that makes it easy to maintain and have users add various instructions for guis
and other OS/distro starting points. Looks like the "Metalink" page may already
been good enough and just need some simple command-line instructions for people
looking for that quick check.

Reproducible: Always

Steps to Reproduce:
1. visit download page
2. download iso
3. download checksum
Actual Results:  
wonder how to proceed

Expected Results:  
copy/paste commands and execute to check

Real world example:

[01:26] <crypt0z> HI
[01:26] <crypt0z> someone know where in the wiki it's written how to check the
iso file?
[01:27] <crypt0z> thanks in advance bro of Suse! o7
[01:28] <crypt0z> Nop?
[01:29] <boombatower> crypt0z: k3b will do it while you write
[01:29] <boombatower> otherwise whatever algorithm you used
[01:29] <boombatower> sha1sum [file] etc
[01:29] <boombatower> leap?
[01:29] <crypt0z> yes leap
[01:30] <boombatower> torrent client should also be able to do it
[01:30] <crypt0z> the problem is: i only found the sha256...
[01:30] <boombatower> sha256sum <filename>
[01:30] <crypt0z> i get sha256 command not found :/
[01:30] <crypt0z> ^^
[01:31] <boombatower> zypper wp sha256sum
[01:31] <crypt0z> that's why i was searching for the wiki pages Holgi :)
[01:31] <boombatower> rather zypper wp /usr/bin/sha256sum
[01:31] <boombatower> zypper in coreutils
[01:31] <boombatower> looks like has --check option
[01:32] <boombatower> so can probably do that if you download the checksum file
next to iso
[01:32] <boombatower> suppose I should be seeding them anyway so I'll download
it
[01:33] <boombatower> crypt0z: ^^
[01:33] <crypt0z> Ok ok
[01:33] <boombatower> zypper in coreutils (will install it)
[01:34] <crypt0z> ydone
[01:34] <crypt0z> any way to get the md5 file? (brasero don't support 256sum,
fuck! x) )
[01:35] <crypt0z> i found it with ddg ! but well i need the file (i get the
md5: 30f4f2f599735c36b84b8f3ad0eef3e2)
[01:35] <boombatower> why not just run the command?
[01:36] <crypt0z> because how the command will know the correct hash?
[01:36] <boombatower>
http://download.opensuse.org/distribution/leap/42.1/iso/openSUSE-Leap-42.1-DVD-x86_64.iso.sha256
[01:36] <boombatower> link on download page
[01:36] <boombatower> that is correc tone
[01:37] <crypt0z> ok,thanks.
[01:37] <boombatower> sha256sum --check
openSUSE-Leap-42.1-DVD-x86_64.iso.sha256
[01:37] <boombatower> if you want it to check for you do that
[01:37] <boombatower> otherwise do the sum on the iso and check the result
manually
[01:38] <boombatower> i just had both files in same dir and ran that command
[01:39] <boombatower> not sure why all of what I just said isn't on download
page
[01:39] <boombatower> or link
[01:41] <crypt0z> boombatower:  yep it would be very easier for n00b
[01:41] <crypt0z> ^^
[01:41] <crypt0z> thanks anyways man ! :3
[01:42] <boombatower> perhaps I'll file a bug
[01:42] <boombatower> np
[01:43] <boombatower> either ktorrent is bugged or my internet is too fast
(doubtful) as it seems to have to stop and catch it's breath preriodically
[01:45] <crypt0z> boombatower: [user@userspc Downloads]$ sha256sum --check
openSUSE-Leap-42.1-DVD-x86_64.iso.sha256 openSUSE-Leap-42.1-DVD-x86_64.iso: OK
sha256sum: WARNING: 15 lines are improperly formatted [user@userspc Downloads]$
[01:45] <boombatower> yea I don't think it likes the gpg signature at the
bottom
[01:45] <crypt0z> the "sha256sum: WARNING: 15 lines are improperly formatted"
is important?
[01:45] <boombatower> but it says OK
[01:45] <crypt0z> yep whatever it said ok , so... =)
[01:45] <crypt0z> :D
[01:46] <crypt0z> LET BURN IT TO DEATH!!! *metal music, dead singer screaming*
[01:46] <boombatower> hehe, gl
[01:46] <crypt0z> :p
[01:46] <crypt0z> thanks mate !
[01:46] <boombatower> np

You are receiving this mail because: