I was just trying to update my tumbleweed system (have 1829 pending updates) and got a checksum digest verification error on libmbedcrypto16-3.6.6-1.2. I have done the following to retry and check where the problem might be.
sudo rm -rf /var/cache/zypp/packages/*
sudo zypper clean --all
sudo zypper refresh --force
with output:
All repositories have been cleaned up.
Forcing raw metadata refresh
Looking for gpg keys in repository Main Update Repository.
gpgkey=http://download.opensuse.org/update/tumbleweed/repodata/repomd.xml.key
Retrieving repository 'Main Update Repository' metadata .................................................................................................................................[done]
Forcing building of repository cache
Building repository 'Main Update Repository' cache ......................................................................................................................................[done]
Forcing raw metadata refresh
Looking for gpg keys in repository Main Repository (NON-OSS).
gpgkey=http://download.opensuse.org/tumbleweed/repo/non-oss/repodata/repomd.xml.key
Retrieving repository 'Main Repository (NON-OSS)' metadata ..............................................................................................................................[done]
Forcing building of repository cache
Building repository 'Main Repository (NON-OSS)' cache ...................................................................................................................................[done]
Forcing raw metadata refresh
Looking for gpg keys in repository Main Repository (OSS).
gpgkey=https://download.opensuse.org/tumbleweed/repo/oss/repodata/repomd.xml.key
Retrieving repository 'Main Repository (OSS)' metadata ..................................................................................................................................[done]
Forcing building of repository cache
Building repository 'Main Repository (OSS)' cache .......................................................................................................................................[done]
Forcing raw metadata refresh
Retrieving repository 'Open H.264 Codec (openSUSE Tumbleweed)' metadata .................................................................................................................[done]
Forcing building of repository cache
Building repository 'Open H.264 Codec (openSUSE Tumbleweed)' cache ......................................................................................................................[done]
All repositories have been refreshed.
Relevant sudo zypper -vvv dup where:
Retrieving: libmbedcrypto16-3.6.6-1.2.x86_64 (Main Repository (OSS)) (740/1829), 617.1 KiB
Retrieving: https://ftp.acc.umu.se/mirror/opensuse.org/tumbleweed/repo/oss/x86_64/libmbedcrypto16-3.6.6-1.2.x86_64.rpm .............................................................[not found]
Retrieving: https://mirror.accum.se/mirror/opensuse.org/tumbleweed/repo/oss/x86_64/libmbedcrypto16-3.6.6-1.2.x86_64.rpm ............................................................[not found]
Retrieving: https://mirror.aardsoft.fi/opensuse/tumbleweed/repo/oss/x86_64/libmbedcrypto16-3.6.6-1.2.x86_64.rpm .........................................................................[done]
Warning: Digest verification failed for file 'libmbedcrypto16-3.6.6-1.2.x86_64.rpm'
[/var/tmp/zypp.tmp/AP_0x8NRChG/x86_64/libmbedcrypto16-3.6.6-1.2.x86_64.rpm]
expected 1521a56b09dc64e6c5511d8f3111c58a3b1bdb63ce0535273099fab5ecf2cf82aa1c946529d07d2a02b68654374192fd267df90ad3d3ab260631e79fe4c261af
but got f1905f58ec69b547e379a6b4181715105d740553682932ab1f581fd70135073288647b2473590a3b18fc7463ae1b0fb3f1b93332a0c838babe45ad3c4f07475f
Accepting packages with wrong checksums can lead to a corrupted system and in extreme cases even to a system compromise.
However if you made certain that the file with checksum 'f190..' is secure, correct
and should be used within this operation, enter the first 4 characters of the checksum
to unblock using this file on your own risk. Empty input will discard the file.
Ran sudo zypper -vvv in libmbedcrypto16 which gave:
Verbosity: 3
Non-option program arguments: 'libmbedcrypto16'
Initializing Target
Checking whether to refresh metadata for Main Repository (NON-OSS)
Retrieving: http://download.opensuse.org/tumbleweed/repo/non-oss/repodata/repomd.xml ........................................................................................[done (2.5 KiB/s)]
Checking whether to refresh metadata for Main Repository (OSS)
Retrieving: https://download.opensuse.org/tumbleweed/repo/oss/repodata/repomd.xml ..........................................................................................[done (13.8 KiB/s)]
Checking whether to refresh metadata for Main Update Repository
Retrieving: http://download.opensuse.org/update/tumbleweed/repodata/repomd.xml ..............................................................................................[done (3.5 KiB/s)]
Checking whether to refresh metadata for Open H.264 Codec (openSUSE Tumbleweed)
Retrieving: http://codecs.opensuse.org/openh264/openSUSE_Tumbleweed/repodata/repomd.xml .....................................................................................[done (2.9 KiB/s)]
Loading repository data...
Reading installed packages...
Selecting 'libmbedcrypto16-3.6.6-1.2.x86_64' from repository 'Main Repository (OSS)' for installation.
Resolving package dependencies...
Force resolution: No
The following 1827 package updates will NOT be installed:
7zip 26.01-1.2 x86_64 Main Repository (OSS) openSUSE
aaa_base 84.87+git20260610.3b5a868c-1.2 x86_64 Main Repository (OSS) openSUSE
...
zstd 1.5.7-4.3 x86_64 Main Repository (OSS) openSUSE
zypper 1.14.98-1.2 x86_64 Main Repository (OSS) openSUSE
zypper-log 1.14.98-1.2 noarch Main Repository (OSS) openSUSE
zypper-needs-restarting 1.14.98-1.2 noarch Main Repository (OSS) openSUSE
The following product update will NOT be installed:
openSUSE Tumbleweed 20260703-0 x86_64 Main Repository (OSS) openSUSE
The following 2 packages are going to be upgraded:
libmbedcrypto16 3.6.6-1.1 -> 3.6.6-1.2 x86_64 Main Repository (OSS) openSUSE
libmbedcrypto16-x86-64-v3 3.6.6-1.1 -> 3.6.6-1.2 x86_64 Main Repository (OSS) openSUSE
2 packages to upgrade.
Package download size: 1.2 MiB
Package install size change:
| 1.2 MiB required by packages that will be installed
0 B | - 1.2 MiB released by packages that will be removed
Backend: classic_rpmtrans
Continue? [y/n/v/...? shows all options] (y):
And when I check the checksum of the package via
curl -L -o /tmp/libmbedcrypto16.rpm https://cdn.opensuse.org/tumbleweed/repo/oss/x86_64/libmbedcrypto16-3.6.6-1.2.x86_64.rpm
sha512sum /tmp/libmbedcrypto16.rpm
I received the following:
f1905f58ec69b547e379a6b4181715105d740553682932ab1f581fd70135073288647b2473590a3b18fc7463ae1b0fb3f1b93332a0c838babe45ad3c4f07475f /tmp/libmbedcrypto16.rpm