[Bug 1175968] New: YaST2 reports "Wrong Digest" for https://download.nvidia.com/opensuse/tumbleweed
http://bugzilla.opensuse.org/show_bug.cgi?id=1175968 Bug ID: 1175968 Summary: YaST2 reports "Wrong Digest" for https://download.nvidia.com/opensuse/tumbleweed Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Installation Assignee: yast2-maintainers@suse.de Reporter: jchoksi@gmail.com QA Contact: jsrain@suse.com Found By: --- Blocker: --- Confirmed as happening to others as well: - https://old.reddit.com/r/openSUSE/comments/iiuc4g/anybody_else_getting_a_wro... - https://lists.opensuse.org/opensuse-factory/2020-08/msg00329.html In my case, when installing openSUSE Tumbleweed via autoyast, if I have an entry to setup the nvidia repository, e.g. <listentry t="map"> <alias>download.nvidia.com-tumbleweed</alias> <media_url>https://download.nvidia.com/opensuse/tumbleweed</media_url> <name>nVidia Graphics Drivers</name> <priority t="integer">90</priority> <product_dir>/</product_dir> </listentry> then during installation, I will get the following error: ---snip--- Wrong Digest The expected checksum of file /var/tmp/AP_0xp8UPnm/repodata/susedata.xml.gz is fa47ae8244fe7640f149d28964e604bf7e756da989d7e520f67216a96bb6cfb2, but the current checksum is 1f4dc420bfbf3d1b423cd7c4e1ca6aa25d7a13daff70c64e412f0ed449602406. The file has been changed by accident or by an attacker since the repository creator signed it. Using it is a big risk for the integrity and security of your system. Use it anyway? [] Do not show this message again [ YES ] [ NO ] ---snip--- -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1175968 http://bugzilla.opensuse.org/show_bug.cgi?id=1175968#c1 --- Comment #1 from Jinesh Choksi <jchoksi@gmail.com> --- Output of trying to add the repo manually on another existing Tumbleweed repo: ---snip--- localhost:~ # zypper lr -P # | Alias | Name | Enabled | GPG Check | Refresh | Priority --+----------------------------------+---------------------------+---------+-----------+---------+--------- 1 | download.opensuse.org-non-oss | Main Repository (NON-OSS) | Yes | (r ) Yes | Yes | 99 2 | download.opensuse.org-oss | Main Repository (DEBUG) | Yes | (r ) Yes | Yes | 99 3 | download.opensuse.org-oss_1 | Main Repository (Sources) | Yes | (r ) Yes | Yes | 99 4 | download.opensuse.org-oss_2 | Main Repository (OSS) | Yes | (r ) Yes | Yes | 99 5 | download.opensuse.org-tumbleweed | Main Update Repository | Yes | (r ) Yes | Yes | 99 6 | openSUSE-20200824-0 | openSUSE-20200824-0 | Yes | (r ) Yes | Yes | 99 localhost:~ # zypper addrepo --refresh --check https://download.nvidia.com/opensuse/tumbleweed NVIDIA Adding repository 'NVIDIA' ................................................................................................................................................................[done] Repository 'NVIDIA' successfully added URI : https://download.nvidia.com/opensuse/tumbleweed Enabled : Yes GPG Check : Yes Autorefresh : Yes Priority : 99 (default priority) Repository priorities are without effect. All enabled repositories share the same priority. localhost:~ # zypper refresh Retrieving repository 'NVIDIA' metadata ------------------------------------------------------------------------------------------------------------------------------------------------------[\] New repository or package signing key received: Repository: NVIDIA Key Name: NVIDIA Corporation <linux-bugs@nvidia.com> Key Fingerprint: 9B763D49 D8A5C892 FC178BAC F5113243 C66B6EAE Key Created: Thu 15 Jun 2006 17:13:18 BST Key Expires: (does not expire) Subkey: F016EEAA03224CDD 2006-06-15 [does not expire] Rpm Name: gpg-pubkey-c66b6eae-4491871e Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): a Warning: Digest verification failed for file 'susedata.xml.gz' [/var/tmp/AP_0xlApxLV/repodata/susedata.xml.gz] expected fa47ae8244fe7640f149d28964e604bf7e756da989d7e520f67216a96bb6cfb2 but got 1f4dc420bfbf3d1b423cd7c4e1ca6aa25d7a13daff70c64e412f0ed449602406 Accepting packages with wrong checksums can lead to a corrupted system and in extreme cases even to a system compromise. However if you made certain that the file with checksum '1f4d..' is secure, correct and should be used within this operation, enter the first 4 characters of the checksum to unblock using this file on your own risk. Empty input will discard the file. Unblock or discard? [1f4d/...? shows all options] (discard): ---snip--- -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1175968 http://bugzilla.opensuse.org/show_bug.cgi?id=1175968#c2 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |suse-beta@cboltz.de Assignee|yast2-maintainers@suse.de |sndirsch@suse.com --- Comment #2 from Christian Boltz <suse-beta@cboltz.de> --- Stefan, since you maintain the nvidia-gfx* packages, I assume you have contacts to nvidia. Can you please ask them to fix the repo? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1175968 http://bugzilla.opensuse.org/show_bug.cgi?id=1175968#c3 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P2 - High Status|NEW |CONFIRMED Component|Installation |X11 3rd Party Driver QA Contact|jsrain@suse.com |sndirsch@suse.com Severity|Normal |Major --- Comment #3 from Stefan Dirsch <sndirsch@suse.com> --- Indeed. Repos is currently broken. 15.1 and 15.2 repos as well. :-( -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1175968 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|YaST2 reports "Wrong |openSUSE 15.1, 15.2 and |Digest" for |Tumbleweed repos for NVIDIA |https://download.nvidia.com |driver broken |/opensuse/tumbleweed | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1175968 http://bugzilla.opensuse.org/show_bug.cgi?id=1175968#c4 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ddadap@nvidia.com --- Comment #4 from Stefan Dirsch <sndirsch@suse.com> --- Adding my NVIDIA contact. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1175968 http://bugzilla.opensuse.org/show_bug.cgi?id=1175968#c5 S. B. <sb56637@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |sb56637@gmail.com --- Comment #5 from S. B. <sb56637@gmail.com> --- I confirmed that they have not changed their repo signing key, as I have a backup copy of it and I checked it against the current one. Could it be that they signed `susedata.xml.gz` with the wrong key? I don't really understand PGP all that well... But the repo contents are indeed still downloadable if you know the exact path/name. For example: https://download.nvidia.com/opensuse/tumbleweed/repodata/susedata.xml.gz The problem is that Zypper won't accept it and it throws those scary errors. This started late last week, I believe on Friday. It feels like they made a late Friday mistake and then took the weekend off and haven't noticed the problem yet. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1175968 Markus Napp <mnapp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mnapp@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1175968 Dobri Danchev <dobri@danchev.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dobri@danchev.net -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1175968 Dobri Danchev <dobri@danchev.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC|dobri@danchev.net | -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com