Hi,
I was doing my normal update for a Leap 15.6 and out of the blue an error came up like this:
The expected checksum of file /var/adm/mount/AP_0xShRttP/repodata/dea410af09483cd49737fb41b2248a27f1c4125894328bcba4594ab9a3616e16-primary.xml.gz
is dea410af09483cd49737fb41b2248a27f1c4125894328bcba4594ab9a3616e16,
but the current checksum is a8a4e1607a645174c774d36ce094ed91fc1ef467ecbabc722d6937f21cdf624b.
The file has been changed by accident or by an attacker
since the repository creator signed it. Using it is a big risk
for the integrity and security of your system.
Use it anyway?
Was this due to a server access fail since “the internet” is being a bit strange as of late or is this another problem.
This could also be from some update server not having been fully updated.
Is anyone having the same problem ?
Regards.
What is “normal” to you maybe unknown or even abnormal to others. Please always include the command you gave with the output. It is only one line more to copy/paste.
sudo zypper refresh
[...]
Refreshing service 'openSUSE'.
Looking for gpg keys in repository openSUSE:repo-oss.
gpgkey=http://cdn.opensuse.org/distribution/leap/16.0/repo/oss/x86_64/repodata/repomd.xml.key
Retrieving repository 'openSUSE:repo-oss' metadata -----------------------------------------------------------------------------------------------------------------[|]
Warning: Digest verification failed for file '5d811387e9141b5db2cf5383c13478cab7fe36968e1d846f1322d3178880fe6fad4e1f7c2160560febc861550b71458d656409ae9115f0cde6aac2bde219b4f3-appdata.xml.gz'
[/var/tmp/AP_0xAcKuxv/repodata/5d811387e9141b5db2cf5383c13478cab7fe36968e1d846f1322d3178880fe6fad4e1f7c2160560febc861550b71458d656409ae9115f0cde6aac2bde219b4f3-appdata.xml.gz]
expected 5d811387e9141b5db2cf5383c13478cab7fe36968e1d846f1322d3178880fe6fad4e1f7c2160560febc861550b71458d656409ae9115f0cde6aac2bde219b4f3
but got 7f6e61d61f5399bbbf9092905f6eb6d472a3a2c14babdf34bd73b6d107dc4a664b972df8b7bd6bba1f7d549621a744ab44356168485a31d222a34ccccddcd600
Accepting packages with wrong checksums can lead to a corrupted system and in extreme cases even to a system compromise.
However if you made certain that the file with checksum '7f6e..' is secure, correct
and should be used within this operation, enter the first 4 characters of the checksum
to unblock using this file on your own risk. Empty input will discard the file.
Unblock or discard? [7f6e/...? shows all options] (discard):
I can only provide my experience just now. After reading the OP’s post and @Wolfheri Reply (for Leap 16), I did a “zypper -vv up” for my Leap 15.6 and Leap 16 installs.
I had 6 package updates for 15.6 and 49 updates for 16. No checksum errors at all. The only issue I had, was for 16 - there was an issue with 3-4 package downloads related to the mirrors, so zypper auto switched to another mirror and the downloads were then okay.
So quite possibly, might be a problem with a mirror’s content. Maybe wait 15 or so minutes and try again.
@hcvv
What is “normal” to you maybe unknown or even abnormal to others. Please always include the command you gave with the output. It is only one line more to copy/paste.
I use Yast online update therefore I do not know what exact commands are used sorry.
I hadn’t even realised that there were timing gaps during which repositories would fail that way. I don’t recall having seen it happen before, although maybe…
How can I find out more about this syncing business? If there is a simple way around it I would like to know.
Can zypper avoid the problem even if Yast can’t? I got the same error as the OP when I asked Yast to refresh the repositories.
On the second thought, it may be unrelated to mirrors. The metadata is supposed to come from the central location. At least, when using download.opensuse.org with MirrorCache. I am not sure about cdn.opensuse.org. It is difficult to make guesses without knowing the exact repository path.
Yes, thank you, I did see your reply and read it carefully several times.
I am surprised to learn that you never use Yast for updates. I wonder why it has that feature, if experts do not use it. As a novice, I followed the manual, but I am glad to get better advice.
Repository 'Update repository with updates for openSUSE Leap debuginfo packages from openSUSE Backports' is up to date.
Repository 'Update repository of openSUSE Backports' is up to date.
Repository 'openSUSE-Leap-15.6-Update-Debug' is up to date.
Retrieving repository 'Update repository with debuginfo for updates from SUSE Linux Enterprise 15' metadata [..
Looking for gpg keys in repository Update repository with debuginfo for updates from SUSE Linux Enterprise 15.
gpgkey=http://download.opensuse.org/debug/update/leap/15.6/sle/repodata/repomd.xml.key
......
Warning: Digest verification failed for file '548c52fee698e33563b52be098bf64864a27da57c25751004d214241ac04dc92-primary.xml.gz'
[/var/adm/mount/AP_0xGu34U1/repodata/548c52fee698e33563b52be098bf64864a27da57c25751004d214241ac04dc92-primary.xml.gz]
expected 548c52fee698e33563b52be098bf64864a27da57c25751004d214241ac04dc92
but got a915b073ea1bd7011bd101de93f6affe60c4bbc9ffb6dbabe08280151e3dc272
Accepting packages with wrong checksums can lead to a corrupted system and in extreme cases even to a system compromise.
However if you made certain that the file with checksum 'a915..' is secure, correct
and should be used within this operation, enter the first 4 characters of the checksum
to unblock using this file on your own risk. Empty input will discard the file.
Unblock or discard? [a915/...? shows all options] (discard): error]
Repository 'Update repository with debuginfo for updates from SUSE Linux Enterprise 15' is invalid.
[repo-sle-debug-update|http://download.opensuse.org/debug/update/leap/15.6/sle/] Failed to retrieve new repository metadata.
History:
- 548c52fee698e33563b52be098bf64864a27da57c25751004d214241ac04dc92-primary.xml.gz has wrong checksum
Please check if the URIs defined for this repository are pointing to a valid repository.
Skipping repository 'Update repository with debuginfo for updates from SUSE Linux Enterprise 15' because of the above error.
Repository 'Update repository with updates from SUSE Linux Enterprise 15' is up to date.
Repository 'openSUSE-Leap-15.6-Update' is up to date.
Repository 'openSUSE-Leap-15.6-Update-Non-Oss' is up to date.
Repository 'Science' is up to date.
Repository 'home:duwe:crosstools2 (15.6)' is up to date.
Repository 'wkazubski's Home Project (15.6)' is up to date.
Repository 'electronics' is up to date.
Repository 'Packman Repository' is up to date.
Repository 'openSUSE:Backports:SLE-15-SP6' is up to date.
Repository 'hardware' is up to date.
Repository 'security' is up to date.
Repository 'Utilities' is up to date.
Repository 'Games' is up to date.
Repository 'openSUSE-Leap-15.6-Debug' is up to date.
Repository 'openSUSE-Leap-15.6-Debug-Non-Oss' is up to date.
Repository 'openSUSE-Leap-15.6-Non-Oss' is up to date.
Repository 'openSUSE-Leap-15.6-Oss' is up to date.
Repository 'openSUSE-Leap-15.6-Source' is up to date.
Repository 'openSUSE-Leap-15.6-Source-Non-Oss' is up to date.
Some of the repositories have not been refreshed because of an error.
I suspect as it has been mentioned ion here it is a problem of a update (proxy) server not being in sync.
Repository 'Update repository with updates for openSUSE Leap debuginfo packages from openSUSE Backports' is up to date.
Repository 'Update repository of openSUSE Backports' is up to date.
Repository 'openSUSE-Leap-15.6-Update-Debug' is up to date.
Retrieving repository 'Update repository with debuginfo for updates from SUSE Linux Enterprise 15' metadata [..
Looking for gpg keys in repository Update repository with debuginfo for updates from SUSE Linux Enterprise 15.
gpgkey=http://download.opensuse.org/debug/update/leap/15.6/sle/repodata/repomd.xml.key
......
Warning: Digest verification failed for file '548c52fee698e33563b52be098bf64864a27da57c25751004d214241ac04dc92-primary.xml.gz'
[/var/adm/mount/AP_0xGu34U1/repodata/548c52fee698e33563b52be098bf64864a27da57c25751004d214241ac04dc92-primary.xml.gz]
expected 548c52fee698e33563b52be098bf64864a27da57c25751004d214241ac04dc92
but got a915b073ea1bd7011bd101de93f6affe60c4bbc9ffb6dbabe08280151e3dc272
Accepting packages with wrong checksums can lead to a corrupted system and in extreme cases even to a system compromise.
However if you made certain that the file with checksum 'a915..' is secure, correct
and should be used within this operation, enter the first 4 characters of the checksum
to unblock using this file on your own risk. Empty input will discard the file.
Unblock or discard? [a915/...? shows all options] (discard): error]
Repository 'Update repository with debuginfo for updates from SUSE Linux Enterprise 15' is invalid.
[repo-sle-debug-update|http://download.opensuse.org/debug/update/leap/15.6/sle/] Failed to retrieve new repository metadata.
History:
- 548c52fee698e33563b52be098bf64864a27da57c25751004d214241ac04dc92-primary.xml.gz has wrong checksum
Please check if the URIs defined for this repository are pointing to a valid repository.
Skipping repository 'Update repository with debuginfo for updates from SUSE Linux Enterprise 15' because of the above error.
Repository 'Update repository with updates from SUSE Linux Enterprise 15' is up to date.
Repository 'openSUSE-Leap-15.6-Update' is up to date.
Repository 'openSUSE-Leap-15.6-Update-Non-Oss' is up to date.
Repository 'Science' is up to date.
Repository 'home:duwe:crosstools2 (15.6)' is up to date.
Repository 'wkazubski's Home Project (15.6)' is up to date.
Repository 'electronics' is up to date.
Repository 'Packman Repository' is up to date.
Repository 'openSUSE:Backports:SLE-15-SP6' is up to date.
Repository 'hardware' is up to date.
Repository 'security' is up to date.
Repository 'Utilities' is up to date.
Repository 'Games' is up to date.
Repository 'openSUSE-Leap-15.6-Debug' is up to date.
Repository 'openSUSE-Leap-15.6-Debug-Non-Oss' is up to date.
Repository 'openSUSE-Leap-15.6-Non-Oss' is up to date.
Repository 'openSUSE-Leap-15.6-Oss' is up to date.
Repository 'openSUSE-Leap-15.6-Source' is up to date.
Repository 'openSUSE-Leap-15.6-Source-Non-Oss' is up to date.
Some of the repositories have not been refreshed because of an error.
I suspect as it has been mentioned ion here it is a problem of a update (proxy) server not being in sync.
Also note also the title of the thread is Yast update problem. but you are right I should have done that on the cli.
I’ve always been curious why folks are paranoid to show their complete command line, from initial execution to the following (empty) prompt … we don’t see exactly what was executed, unless it’s shown.
Let’s me execute the example recently suggested
machine :~ # zypper refresh |& tee ~/somefile.txt
Repository 'Update repository of openSUSE Backports' is up to date.
Repository 'Update repository with updates from SUSE Linux Enterprise 15' is up to date.
Repository 'Main Update Repository' is up to date.
Repository 'Update Repository (Non-Oss)' is up to date.
Repository 'Leap 15.6 Main repo' is up to date.
Repository 'Brave Browser' is up to date.
Repository 'Brave Browser - Beta' is up to date.
Repository 'google-chrome' is up to date.
Repository 'Non-OSS Repository' is up to date.
Repository 'Open H.264 Codec (openSUSE Leap)' is up to date.
All repositories have been refreshed.
machine :~ #
machine :~ # cat somefile.txt
Repository 'Update repository of openSUSE Backports' is up to date.
Repository 'Update repository with updates from SUSE Linux Enterprise 15' is up to date.
Repository 'Main Update Repository' is up to date.
Repository 'Update Repository (Non-Oss)' is up to date.
Repository 'Leap 15.6 Main repo' is up to date.
Repository 'Brave Browser' is up to date.
Repository 'Brave Browser - Beta' is up to date.
Repository 'google-chrome' is up to date.
Repository 'Non-OSS Repository' is up to date.
Repository 'Open H.264 Codec (openSUSE Leap)' is up to date.
All repositories have been refreshed.
machine :~ #
Okay, we see the results, from initial execution, until the subsequent empty prompt afterwards. No errors here (unless I missed it)
Of course, I already did a ‘zypper -vv up’ an hour or so ago.
And yes, I admit the focus is on “yast checksum problem” (title) and I only show “zypper -vv up” results. Mostly showing a different perspective, I guess.
2025-11-21 20:25:10 <1> 10(2486) [zypp::media] RepoInfo.cc(mirrorUrls):197 Detected opensuse.org baseUrl with no mirrors, requesting them from : http://download.opensuse.org/debug/update/leap/15.6/sle/?mirrorlist
It most certainly happened before as well.
No. You can force zypper/YaST to ignore mirror list by adding to the repository definition
mirrorlist=/tmp/no-such-file
like
10:~ # zypper refresh repo-sle-debug-update
Looking for gpg keys in repository Update repository with debuginfo for updates from SUSE Linux Enterprise 15.
gpgkey=http://download.opensuse.org/debug/update/leap/15.6/sle/repodata/repomd.xml.key
Retrieving repository 'Update repository with debuginfo for updates from SUSE Linux Enter[done]
Building repository 'Update repository with debuginfo for updates from SUSE Linux Enterpr[done]
Specified repositories have been refreshed.
10:~ # grep mirrorlist /etc/zypp/repos.d/repo-sle-debug-update.repo
mirrorlist=/tmp/empty
10:~ #
Of course, it needs to be reverted after the problem is resolved.
Wait for a couple of days, if the problem still persists - you really need to get in touch with the admins of the respective mirror. Missing files are not a problem - partially downloaded files are.
Oh, and the question is - do you really need the debug repository? Are you going to analyze core dumps?