Tumbleweed libmbedcrypto16-3.6.6-1.2 mirror mismatch

I was just trying to update my tumbleweed system (have 1829 pending updates) and got a checksum digest verification error on libmbedcrypto16-3.6.6-1.2. I have done the following to retry and check where the problem might be.

sudo rm -rf /var/cache/zypp/packages/*
sudo zypper clean --all
sudo zypper refresh --force

with output:

All repositories have been cleaned up.
Forcing raw metadata refresh
Looking for gpg keys in repository Main Update Repository.
  gpgkey=http://download.opensuse.org/update/tumbleweed/repodata/repomd.xml.key
Retrieving repository 'Main Update Repository' metadata .................................................................................................................................[done]
Forcing building of repository cache
Building repository 'Main Update Repository' cache ......................................................................................................................................[done]
Forcing raw metadata refresh
Looking for gpg keys in repository Main Repository (NON-OSS).
  gpgkey=http://download.opensuse.org/tumbleweed/repo/non-oss/repodata/repomd.xml.key
Retrieving repository 'Main Repository (NON-OSS)' metadata ..............................................................................................................................[done]
Forcing building of repository cache
Building repository 'Main Repository (NON-OSS)' cache ...................................................................................................................................[done]
Forcing raw metadata refresh
Looking for gpg keys in repository Main Repository (OSS).
  gpgkey=https://download.opensuse.org/tumbleweed/repo/oss/repodata/repomd.xml.key
Retrieving repository 'Main Repository (OSS)' metadata ..................................................................................................................................[done]
Forcing building of repository cache
Building repository 'Main Repository (OSS)' cache .......................................................................................................................................[done]
Forcing raw metadata refresh
Retrieving repository 'Open H.264 Codec (openSUSE Tumbleweed)' metadata .................................................................................................................[done]
Forcing building of repository cache
Building repository 'Open H.264 Codec (openSUSE Tumbleweed)' cache ......................................................................................................................[done]
All repositories have been refreshed.

Relevant sudo zypper -vvv dup where:

Retrieving: libmbedcrypto16-3.6.6-1.2.x86_64 (Main Repository (OSS))                                                                                                  (740/1829), 617.1 KiB
Retrieving: https://ftp.acc.umu.se/mirror/opensuse.org/tumbleweed/repo/oss/x86_64/libmbedcrypto16-3.6.6-1.2.x86_64.rpm .............................................................[not found]
Retrieving: https://mirror.accum.se/mirror/opensuse.org/tumbleweed/repo/oss/x86_64/libmbedcrypto16-3.6.6-1.2.x86_64.rpm ............................................................[not found]
Retrieving: https://mirror.aardsoft.fi/opensuse/tumbleweed/repo/oss/x86_64/libmbedcrypto16-3.6.6-1.2.x86_64.rpm .........................................................................[done]

Warning: Digest verification failed for file 'libmbedcrypto16-3.6.6-1.2.x86_64.rpm'
[/var/tmp/zypp.tmp/AP_0x8NRChG/x86_64/libmbedcrypto16-3.6.6-1.2.x86_64.rpm]

  expected 1521a56b09dc64e6c5511d8f3111c58a3b1bdb63ce0535273099fab5ecf2cf82aa1c946529d07d2a02b68654374192fd267df90ad3d3ab260631e79fe4c261af
  but got  f1905f58ec69b547e379a6b4181715105d740553682932ab1f581fd70135073288647b2473590a3b18fc7463ae1b0fb3f1b93332a0c838babe45ad3c4f07475f

Accepting packages with wrong checksums can lead to a corrupted system and in extreme cases even to a system compromise.

However if you made certain that the file with checksum 'f190..' is secure, correct
and should be used within this operation, enter the first 4 characters of the checksum
to unblock using this file on your own risk. Empty input will discard the file.

Ran sudo zypper -vvv in libmbedcrypto16 which gave:

Verbosity: 3
Non-option program arguments: 'libmbedcrypto16'
Initializing Target
Checking whether to refresh metadata for Main Repository (NON-OSS)
Retrieving: http://download.opensuse.org/tumbleweed/repo/non-oss/repodata/repomd.xml ........................................................................................[done (2.5 KiB/s)]
Checking whether to refresh metadata for Main Repository (OSS)
Retrieving: https://download.opensuse.org/tumbleweed/repo/oss/repodata/repomd.xml ..........................................................................................[done (13.8 KiB/s)]
Checking whether to refresh metadata for Main Update Repository
Retrieving: http://download.opensuse.org/update/tumbleweed/repodata/repomd.xml ..............................................................................................[done (3.5 KiB/s)]
Checking whether to refresh metadata for Open H.264 Codec (openSUSE Tumbleweed)
Retrieving: http://codecs.opensuse.org/openh264/openSUSE_Tumbleweed/repodata/repomd.xml .....................................................................................[done (2.9 KiB/s)]
Loading repository data...
Reading installed packages...
Selecting 'libmbedcrypto16-3.6.6-1.2.x86_64' from repository 'Main Repository (OSS)' for installation.
Resolving package dependencies...
Force resolution: No

The following 1827 package updates will NOT be installed:
  7zip                                        26.01-1.2                       x86_64  Main Repository (OSS)      openSUSE
  aaa_base                                    84.87+git20260610.3b5a868c-1.2  x86_64  Main Repository (OSS)      openSUSE 
 ...
  zstd                                        1.5.7-4.3                       x86_64  Main Repository (OSS)      openSUSE
  zypper                                      1.14.98-1.2                     x86_64  Main Repository (OSS)      openSUSE
  zypper-log                                  1.14.98-1.2                     noarch  Main Repository (OSS)      openSUSE
  zypper-needs-restarting                     1.14.98-1.2                     noarch  Main Repository (OSS)      openSUSE

The following product update will NOT be installed:
  openSUSE Tumbleweed  20260703-0  x86_64  Main Repository (OSS)  openSUSE

The following 2 packages are going to be upgraded:
  libmbedcrypto16            3.6.6-1.1 -> 3.6.6-1.2  x86_64  Main Repository (OSS)  openSUSE
  libmbedcrypto16-x86-64-v3  3.6.6-1.1 -> 3.6.6-1.2  x86_64  Main Repository (OSS)  openSUSE

2 packages to upgrade.

Package download size:     1.2 MiB

Package install size change:
            |       1.2 MiB  required by packages that will be installed
       0 B  |  -    1.2 MiB  released by packages that will be removed

Backend:  classic_rpmtrans
Continue? [y/n/v/...? shows all options] (y):

And when I check the checksum of the package via

curl -L -o /tmp/libmbedcrypto16.rpm https://cdn.opensuse.org/tumbleweed/repo/oss/x86_64/libmbedcrypto16-3.6.6-1.2.x86_64.rpm
sha512sum /tmp/libmbedcrypto16.rpm

I received the following:

f1905f58ec69b547e379a6b4181715105d740553682932ab1f581fd70135073288647b2473590a3b18fc7463ae1b0fb3f1b93332a0c838babe45ad3c4f07475f  /tmp/libmbedcrypto16.rpm
1 Like

I am having the same exact problem, I am just patiently waiting for it to be resolved.

That are usual issues of not properly synced mirrors. Happens regularly.

  • wait
    or
  • install openSUSE-repos-Tumbleweed and use cdn.o.o
    or
  • choose a fixed mirror
3 Likes