Bug 953927 - provide sha256sum instructions on download page (or link to them)
provide sha256sum instructions on download page (or link to them)
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Release Notes
Leap 42.1
All All
: P5 - None : Normal (vote)
: ---
Assigned To: Ancor Gonzalez Sosa
Stephan Kulow
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-06 08:11 UTC by Jimmy Berry
Modified: 2017-08-19 06:52 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jimmy Berry 2015-11-06 08:11:00 UTC
User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.49 Safari/537.36
Build Identifier: 

The instructions for checking the iso against the checksum should be easily accessible from the download page (https://software.opensuse.org/421/en). This applies to all releases (or at least Leap and Tumbleweed).

a) sha256sum is not defaultly available?
b) should not have to figure out command

Something along the lines of (for openSUSE users looking to upgrade):

zypper in coreutils
cd /dir/with/iso (maybe even reference shortcut from dolphin [shift + F4])
sha256sum --check openSUSE-Leap-42.1-DVD-x86_64.iso.sha256

and example output:

openSUSE-Leap-42.1-DVD-x86_64.iso: OK
sha256sum: WARNING: 15 lines are improperly formatted

So users know what to expect.
Additionally it seems the gpg signature causes the warning which as you can see from the conversation may be concerning to users since it says "WARNING" in all caps. Not sure if there is a simple fix to make sha256sum ignore the gpg signature, otherwise perhaps a grep/sed/etc command piped to remove the signature before usage.

Perhaps the best option is to simply link to a wiki page (perhaps it exists) that makes it easy to maintain and have users add various instructions for guis and other OS/distro starting points. Looks like the "Metalink" page may already been good enough and just need some simple command-line instructions for people looking for that quick check.

Reproducible: Always

Steps to Reproduce:
1. visit download page
2. download iso
3. download checksum
Actual Results:  
wonder how to proceed

Expected Results:  
copy/paste commands and execute to check

Real world example:

[01:26] <crypt0z> HI
[01:26] <crypt0z> someone know where in the wiki it's written how to check the iso file?
[01:27] <crypt0z> thanks in advance bro of Suse! o7
[01:28] <crypt0z> Nop?
[01:29] <boombatower> crypt0z: k3b will do it while you write
[01:29] <boombatower> otherwise whatever algorithm you used
[01:29] <boombatower> sha1sum [file] etc
[01:29] <boombatower> leap?
[01:29] <crypt0z> yes leap
[01:30] <boombatower> torrent client should also be able to do it
[01:30] <crypt0z> the problem is: i only found the sha256...
[01:30] <boombatower> sha256sum <filename>
[01:30] <crypt0z> i get sha256 command not found :/
[01:30] <crypt0z> ^^
[01:31] <boombatower> zypper wp sha256sum
[01:31] <crypt0z> that's why i was searching for the wiki pages Holgi :)
[01:31] <boombatower> rather zypper wp /usr/bin/sha256sum
[01:31] <boombatower> zypper in coreutils
[01:31] <boombatower> looks like has --check option
[01:32] <boombatower> so can probably do that if you download the checksum file next to iso
[01:32] <boombatower> suppose I should be seeding them anyway so I'll download it
[01:33] <boombatower> crypt0z: ^^
[01:33] <crypt0z> Ok ok
[01:33] <boombatower> zypper in coreutils (will install it)
[01:34] <crypt0z> ydone
[01:34] <crypt0z> any way to get the md5 file? (brasero don't support 256sum, fuck! x) )
[01:35] <crypt0z> i found it with ddg ! but well i need the file (i get the md5: 30f4f2f599735c36b84b8f3ad0eef3e2)
[01:35] <boombatower> why not just run the command?
[01:36] <crypt0z> because how the command will know the correct hash?
[01:36] <boombatower> http://download.opensuse.org/distribution/leap/42.1/iso/openSUSE-Leap-42.1-DVD-x86_64.iso.sha256
[01:36] <boombatower> link on download page
[01:36] <boombatower> that is correc tone
[01:37] <crypt0z> ok,thanks.
[01:37] <boombatower> sha256sum --check openSUSE-Leap-42.1-DVD-x86_64.iso.sha256
[01:37] <boombatower> if you want it to check for you do that
[01:37] <boombatower> otherwise do the sum on the iso and check the result manually
[01:38] <boombatower> i just had both files in same dir and ran that command
[01:39] <boombatower> not sure why all of what I just said isn't on download page
[01:39] <boombatower> or link
[01:41] <crypt0z> boombatower:  yep it would be very easier for n00b
[01:41] <crypt0z> ^^
[01:41] <crypt0z> thanks anyways man ! :3
[01:42] <boombatower> perhaps I'll file a bug
[01:42] <boombatower> np
[01:43] <boombatower> either ktorrent is bugged or my internet is too fast (doubtful) as it seems to have to stop and catch it's breath preriodically
[01:45] <crypt0z> boombatower: [user@userspc Downloads]$ sha256sum --check openSUSE-Leap-42.1-DVD-x86_64.iso.sha256 openSUSE-Leap-42.1-DVD-x86_64.iso: OK sha256sum: WARNING: 15 lines are improperly formatted [user@userspc Downloads]$
[01:45] <boombatower> yea I don't think it likes the gpg signature at the bottom
[01:45] <crypt0z> the "sha256sum: WARNING: 15 lines are improperly formatted" is important?
[01:45] <boombatower> but it says OK
[01:45] <crypt0z> yep whatever it said ok , so... =)
[01:45] <crypt0z> :D
[01:46] <crypt0z> LET BURN IT TO DEATH!!! *metal music, dead singer screaming*
[01:46] <boombatower> hehe, gl
[01:46] <crypt0z> :p
[01:46] <crypt0z> thanks mate !
[01:46] <boombatower> np
Comment 1 Ludwig Nussel 2015-11-06 14:30:44 UTC
untested:
https://github.com/openSUSE/software-o-o/pull/52
Comment 2 Karl Cheng 2017-08-19 06:52:11 UTC
New download page now links to "checksum help".