The file https://cloud.centos.org/centos/8/x86_64/images/CHECKSUM does not contain checksums for all files that are in https://cloud.centos.org/centos/8/x86_64/images.
It contains this:
# CentOS-8-Container-8.2.2004-20200611.2.x86_64.tar.xz: 46459604 bytes SHA256 (CentOS-8-Container-8.2.2004-20200611.2.x86_64.tar.xz) = 9f4b3d3ed01917e4d16f1e6c218f6b904bbd5714b38f147f4ff46657810c7555 # CentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64.qcow2: 1165338624 bytes SHA256 (CentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64.qcow2) = d8984b9baee57b127abce310def0f4c3c9d5b3cea7ea8451fc4ffcbc9935b640 # CentOS-8-Vagrant-8.2.2004-20200611.2.x86_64.vagrant-libvirt.box: 801665073 bytes SHA256 (CentOS-8-Vagrant-8.2.2004-20200611.2.x86_64.vagrant-libvirt.box) = e91d44d96c64f015ae943d66525f4c9d763c28b91440d5741d79226c44c45f86 # CentOS-8-Vagrant-8.2.2004-20200611.2.x86_64.vagrant-virtualbox.box: 822251520 bytes SHA256 (CentOS-8-Vagrant-8.2.2004-20200611.2.x86_64.vagrant-virtualbox.box) = 698b0d9c6c3f31a4fd1c655196a5f7fc224434112753ab6cb3218493a86202de # CentOS-8-ec2-8.2.2004-20200611.2.x86_64.qcow2: 1191549440 bytes SHA256 (CentOS-8-ec2-8.2.2004-20200611.2.x86_64.qcow2) = 74d8e7cdc62b3ac5a1719c642a8aa4c9915ca65d86e4dff9a446be44acf13c37
i.e. checksums for various 8.2 versions variants.
However, the directory also contains versions 8.1 and 8.3. Since we can't verify these versions, we can't be assured that they are safe and not tampered with.
Metadata Update from @arrfab: - Issue assigned to bstinson - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: high-gain, low-trouble
Metadata Update from @arrfab: - Issue tagged with: centos-build-pipeline
triaging , so @bstinson , @hughesjr and @carlwgeorge : can we get a status on this one ? Reproducing the CHECKSUM through a build step in your push to mirror process can be added to merge new and existing file all together ?
Metadata Update from @arrfab: - Issue assigned to carlwgeorge (was: bstinson)
Just checked after the 8.4.2105 release and it's looking good, so closing (old) ticket
Metadata Update from @arrfab: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.