You are not logged in.

#1 2022-11-07 10:07:35

Awebb
Member
Registered: 2010-05-06
Posts: 6,049

[SOLVED] PGP and SHA mismatch on official image via torrent

When I download "Torrent for 2022.11.01: https://archlinux.org/releng/releases/2022.11.01/torrent/" and run it through either SHA256 or GPG, then it doesn't match.

SHA256 should be: df6749df55b02cec98e5a9177c7957acfb96fe14d04553b6e4714100a4824f68
SHA256 is: 6BCCEA78CFCF827DF59EBFC061227CEB650D9E7308A5B7F5AA5FC873F590BF68

GPG (Kleopatra) also reports, that the signature cannot be veriefied.

If I download the image from a mirror (https://mirror.informatik.tu-freiberg.de/arch/iso/2022.11.01/ for example), then the signatures are correct.

Can someone verify my findings? Are we in trouble?

EDIT: I have used three different torrent clients and the signatures match. It looks like aria2c on Windows does something icky to the files. SOLVED.

Last edited by Awebb (2022-11-07 10:31:39)

Offline

#2 2022-11-07 10:34:26

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,565
Website

Re: [SOLVED] PGP and SHA mismatch on official image via torrent

I just downloaded the torrent from your link and got a file with the correct checksum:

df6749df55b02cec98e5a9177c7957acfb96fe14d04553b6e4714100a4824f68  archlinux-2022.11.01-x86_64.iso

Are you sure that the torrent download completed successfully? What is the file's size?

 $  ls -l archlinux-2022.11.01-x86_64.iso
-rw-r--r-- 1 neumann neumann 820326400  7. Nov 11:30 archlinux-2022.11.01-x86_64.iso

Edit: Ninja'd

Last edited by schard (2022-11-07 10:34:54)


Солідарність з Україною

Offline

#3 2022-11-07 11:39:30

Awebb
Member
Registered: 2010-05-06
Posts: 6,049

Re: [SOLVED] PGP and SHA mismatch on official image via torrent

Thanks for checking, anyway! Those things are a bit scary.

Offline

Board footer

Powered by FluxBB