On Thu, Sep 15, 2022 at 8:17 AM Stephan Kulow <coolo@suse.de> wrote:
Am 14.09.22 um 17:47 schrieb Per Jessen:
Confirm - the difference is that the nonversioned iso file is a symlink, where as the nonversioned sha256 file is not. For whatever reason, mirrorbache sends an http302 to the symlinked file, which seems(!) to be the issue. If mirrorbache would just send a redirect to the original/correct name, nobody gets to see the versioned iso, which I believe is what we want. But the checksum file's content refers to the versioned iso - that's the original report is about.
Actually it was exactly the opposite way. When you use download.o.o or get.o.o with your browser and request openSUSE-Leap-15.4-DVD-x86_64-Media.iso you get openSUSE-Leap-15.4-DVD-x86_64-Build243.2-Media.iso; and when you download openSUSE-Leap-15.4-DVD-x86_64-Media.iso.sha256 to verify checksum you get openSUSE-Leap-15.4-DVD-x86_64-Media.iso.sha256 with file name openSUSE-Leap-15.4-DVD-x86_64-Media.iso inside. Which does not match the ISO image that you just downloaded.
And that checksum file needs to be versioned as well for that reason.
Sure. There is also openSUSE-Leap-15.4-DVD-x86_64-Build243.2-Media.iso.sha256 which correctly matches openSUSE-Leap-15.4-DVD-x86_64-Build243.2-Media.iso. But that is not what is offered by get.o.o. I looked at Ubuntu and Fedora mirrors and none of them contain similar symlinks. Somehow they manage to offer only versioned images.