centos-infra

Clone
Source Code
GIT

#191 https://cloud.centos.org/centos/8/x86_64/images/CHECKSUM is missing checksums
Closed: Fixed 2 years ago by arrfab. Opened 3 years ago by oseibertsys11.

Closed: Fixed
Reopen Issue

The file https://cloud.centos.org/centos/8/x86_64/images/CHECKSUM does not contain checksums for all files that are in https://cloud.centos.org/centos/8/x86_64/images.

It contains this:

# CentOS-8-Container-8.2.2004-20200611.2.x86_64.tar.xz: 46459604 bytes
SHA256 (CentOS-8-Container-8.2.2004-20200611.2.x86_64.tar.xz) = 9f4b3d3ed01917e4d16f1e6c218f6b904bbd5714b38f147f4ff46657810c7555
# CentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64.qcow2: 1165338624 bytes
SHA256 (CentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64.qcow2) = d8984b9baee57b127abce310def0f4c3c9d5b3cea7ea8451fc4ffcbc9935b640
# CentOS-8-Vagrant-8.2.2004-20200611.2.x86_64.vagrant-libvirt.box: 801665073 bytes
SHA256 (CentOS-8-Vagrant-8.2.2004-20200611.2.x86_64.vagrant-libvirt.box) = e91d44d96c64f015ae943d66525f4c9d763c28b91440d5741d79226c44c45f86
# CentOS-8-Vagrant-8.2.2004-20200611.2.x86_64.vagrant-virtualbox.box: 822251520 bytes
SHA256 (CentOS-8-Vagrant-8.2.2004-20200611.2.x86_64.vagrant-virtualbox.box) = 698b0d9c6c3f31a4fd1c655196a5f7fc224434112753ab6cb3218493a86202de
# CentOS-8-ec2-8.2.2004-20200611.2.x86_64.qcow2: 1191549440 bytes
SHA256 (CentOS-8-ec2-8.2.2004-20200611.2.x86_64.qcow2) = 74d8e7cdc62b3ac5a1719c642a8aa4c9915ca65d86e4dff9a446be44acf13c37

i.e. checksums for various 8.2 versions variants.

However, the directory also contains versions 8.1 and 8.3.
Since we can't verify these versions, we can't be assured that they are safe and not tampered with.

Metadata Update from @arrfab:
- Issue assigned to bstinson
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: high-gain, low-trouble
3 years ago

Metadata Update from @arrfab:
- Issue tagged with: centos-build-pipeline
3 years ago

triaging , so @bstinson , @hughesjr and @carlwgeorge : can we get a status on this one ?
Reproducing the CHECKSUM through a build step in your push to mirror process can be added to merge new and existing file all together ?

Metadata Update from @arrfab:
- Issue assigned to carlwgeorge (was: bstinson)
2 years ago

Just checked after the 8.4.2105 release and it's looking good, so closing (old) ticket

Metadata Update from @arrfab:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
2 years ago

Login to comment on this ticket.

Metadata

low-trouble high-gain centos-build-pipeline

None
None
Waiting on Assignee
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.