Wrong checksums when retrieving repository 'openSUSE-13.2-Update

michalng · August 17, 2015, 12:25am

zypper dup

Warning: You are about to do a distribution upgrade with all enabled repositories. Make sure these repositories are compatiblet this command.
Retrieving repository ‘openSUSE-13.2-Update’ metadata ------------------------------------------------------------------------Retrieving repository ‘openSUSE-13.2-Update’ metadata ------------------------------------/]

Warning: Digest verification failed for file ‘b027d11dc11d6e216f08197182aa6cf4e275c19b42a63db497362b43c4b3b7ac-appdata.xml.gz’
[/var/cache/zypp/raw/repo-updateCFfprG/repodata/b027d11dc11d6e216f08197182aa6cf4e275c19b42a63db497362b43c4b3b7ac-appdata.xml.gz]

expected 49ceea0b4426083b43f537213a8bca8e515533ae149f6eef165c6a676e3d8953
but got d3e7bf39c20b45b274205a01acb982d92befdb0657856904c9624af66e7867e7

Accepting packages with wrong checksums can lead to a corrupted system and in extreme cases even to a system compromise.

However if you made certain that the file with checksum ‘d3e7…’ is secure, correct
and should be used within this operation, enter the first 4 characters of the checksum
to unblock using this file on your own risk. Empty input will discard the file.

Unblock or discard? [d3e7/? shows all options] (discard):

Anyone come across this problem?

nrickert · August 17, 2015, 1:44am

I seem to recall occasionally seeing something similar.

You are probably accessing the repo (or a mirror) while it is in the middle of being updated. Try again after an hour or two.

robin_listas · August 17, 2015, 2:04am

On 2015-08-17 00:26, michalng wrote:
>
> # zypper dup

Why are you doing a “dup” on 13.2? :-?

–
Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

I_A · August 17, 2015, 3:25am

I really don’t think you can use dup with the update repository.
use dup to set packman as the system repo or go to go back to the oss repo or fix a broken system, don’t use dup with all repositories on a stable 13.2 system.

michalng · August 17, 2015, 12:32pm

Was thinking the same but the error has been here for the past few days.

michalng · August 17, 2015, 12:35pm

Hi Carlos,

same problem with zypper up and zypper ref

# zypper up
Retrieving repository 'openSUSE-13.2-Update' metadata ---------------------------------------------------------------------|]

Warning: Digest verification failed for file 'b027d11dc11d6e216f08197182aa6cf4e275c19b42a63db497362b43c4b3b7ac-appdata.xml.gz'
[/var/cache/zypp/raw/repo-updatefS0MDr/repodata/b027d11dc11d6e216f08197182aa6cf4e275c19b42a63db497362b43c4b3b7ac-appdata.xml.gz]

  expected 49ceea0b4426083b43f537213a8bca8e515533ae149f6eef165c6a676e3d8953
  but got  d3e7bf39c20b45b274205a01acb982d92befdb0657856904c9624af66e7867e7

Accepting packages with wrong checksums can lead to a corrupted system and in extreme cases even to a system compromise.

However if you made certain that the file with checksum 'd3e7..' is secure, correct
and should be used within this operation, enter the first 4 characters of the checksum
to unblock using this file on your own risk. Empty input will discard the file.

Unblock or discard? [d3e7/? shows all options] (discard):

# zypper ref
Repository 'Packman' is up to date.                                                                                           
Repository 'Virtualbox' is up to date.                                                                                        
Repository 'X11:Utilities' is up to date.                                                                                     
Repository 'X11_Windowmanagers' is up to date.                                                                                
Repository 'filesystems' is up to date.                                                                                       
Repository 'google-chrome' is up to date.                                                                                     
Repository 'openSUSE-13.2-Non-Oss' is up to date.                                                                             
Repository 'openSUSE-13.2-Oss' is up to date.                                                                                 
Retrieving repository 'openSUSE-13.2-Update' metadata ---------------------------------------------------------------------/]

Warning: Digest verification failed for file 'b027d11dc11d6e216f08197182aa6cf4e275c19b42a63db497362b43c4b3b7ac-appdata.xml.gz'
[/var/cache/zypp/raw/repo-updatezQFvY0/repodata/b027d11dc11d6e216f08197182aa6cf4e275c19b42a63db497362b43c4b3b7ac-appdata.xml.gz]

  expected 49ceea0b4426083b43f537213a8bca8e515533ae149f6eef165c6a676e3d8953
  but got  d3e7bf39c20b45b274205a01acb982d92befdb0657856904c9624af66e7867e7

Accepting packages with wrong checksums can lead to a corrupted system and in extreme cases even to a system compromise.

However if you made certain that the file with checksum 'd3e7..' is secure, correct
and should be used within this operation, enter the first 4 characters of the checksum
to unblock using this file on your own risk. Empty input will discard the file.

Unblock or discard? [d3e7/? shows all options] (discard):

robin_listas · August 17, 2015, 3:24pm

On 2015-08-17 12:36, michalng wrote:

> same problem with zypper up and zypper ref

Try a zypper clean, then zypper ref.

–
Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

michalng · August 18, 2015, 12:39pm

Hi Carlos, thanks for the suggestion but still the same error.

michalng · August 18, 2015, 12:46pm

An update and thanks to all that have helped.

Believe that the repo openSUSE-13.2-Update (http://download.opensuse.org/update/13.2/) is just a redirect to the fastest repo as detected by the machine.

To overcome this error, I have done the following:

**1. Disable repo openSUSE-13.2-Update (http://download.opensuse.org/update/13.2/)
2. Go to http://mirrors.opensuse.org/ and manually select a mirror near you (eg http://ftp.halifax.rwth-aachen.de/opensuse/update/13.2/)
3. Manually add repo item 2 into Yast.
**
That solves the problem, of course may not be the “fastest” mirror available but still better then accepting an unknown error.

Hope this info is useful to others.

robin_listas · August 18, 2015, 2:28pm

On 2015-08-18 12:56, michalng wrote:

> Hope this info is useful to others.

Well, yes, this is a known solution.

Another method I use is edit the file
/etc/zypp/repos.d/repo-update.repo, and change the URL. You can keep the
old URL as a comment.

Notice that finding a mirror repo that gives bad packages is a thing
that should be reported to the people that maintain the mirror brain thing.

–
Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))