Bug 2214169

Summary: Unable to verify checksum of the image in latest centos:stream9 image
Product: Red Hat Enterprise Linux 9 Reporter: Delyan Yanev <delyan.yanev>
Component: distributionAssignee: Troy Dawson <tdawson>
Status: CLOSED CURRENTRELEASE QA Contact: Release Test Team <release-test-team>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: CentOS StreamCC: bstinson, jwboyer, tdawson
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-06-27 18:06:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Delyan Yanev 2023-06-12 07:44:09 UTC 
Description of problem:

Although there are "latest" image for CentOS 9 Stream images (e.g. https://cloud.centos.org/centos/9-stream/x86_64/images/CentOS-Stream-GenericCloud-9-latest.x86_64.qcow2) there is no checksum of the latest image into checksum file https://cloud.centos.org/centos/9-stream/x86_64/images/CHECKSUM.
Instead they contain check-sums of "timestamped" files.

For example, the https://cloud.centos.org/centos/9-stream/x86_64/images/CHECKSUM file has the following content:

    # CentOS-Stream-GenericCloud-9-20220621.1.x86_64.qcow2: 866518016 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20220621.1.x86_64.qcow2) = 4f3b7219ae0fd1b77546ccbdadbd585739f690f505f3f2f4b326234c3c7d4742
# CentOS-Stream-GenericCloud-9-20220718.0.x86_64.qcow2: 911226368 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20220718.0.x86_64.qcow2) = bd2b244be4ec4900d4a53500b4681e1df1691477e4b686bc588aad4c8436485c
# CentOS-Stream-GenericCloud-9-20220829.0.x86_64.qcow2: 950435328 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20220829.0.x86_64.qcow2) = 2473d6ed489abd1267c794933b10f6d2a0b99f261c90d1033c6442c834044f2e
# CentOS-Stream-GenericCloud-9-20220914.0.x86_64.qcow2: 950457856 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20220914.0.x86_64.qcow2) = b6f9957099939546fe3767660728ee9eba93fc61adaa469fcecb956ba4bb85de
# CentOS-Stream-GenericCloud-9-20221024.0.x86_64.qcow2: 934675456 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20221024.0.x86_64.qcow2) = 1ca84aa6a7b52792bdbfe835fefccda8661e756a862aa864a2e1003fba5b9f1f
# CentOS-Stream-GenericCloud-9-20221123.0.x86_64.qcow2: 984195072 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20221123.0.x86_64.qcow2) = ea3301463f91c2a45063b6223bd7af59cae89d4782df261c9664b7e3b5a367a4
# CentOS-Stream-GenericCloud-9-20221219.0.x86_64.qcow2: 962627072 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20221219.0.x86_64.qcow2) = 3cf1dc23896cde2b4e80cab6fb56c21329ebcfbb72d2a758206ec6d5d0e8f43b
# CentOS-Stream-GenericCloud-9-20230116.0.x86_64.qcow2: 986631680 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230116.0.x86_64.qcow2) = 83cc49178283827f2509c86cff15651dfd8bd12841de8bc47383474da48960e1
# CentOS-Stream-GenericCloud-9-20230216.0.x86_64.qcow2: 971965440 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230216.0.x86_64.qcow2) = 722adaa9775672feb4687dd24685d5d1f071f915109b1381c143f1b1c24c7c46
# CentOS-Stream-GenericCloud-9-20230327.0.x86_64.qcow2: 1005593088 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230327.0.x86_64.qcow2) = 3e58e61ef21192cc1ceca7bdf478c70ff2c2a8473811648b5cda200b5e080fc4
# CentOS-Stream-GenericCloud-9-20230501.0.x86_64.qcow2: 1016121344 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230501.0.x86_64.qcow2) = 0055ff05fa5a1fc0954c8a6ae63636fd3a1170c96a1bbd14f2677c3a919b7f0c
# CentOS-Stream-GenericCloud-9-20230508.0.x86_64.qcow2: 1027290624 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230508.0.x86_64.qcow2) = a6e3ef524cb1501bd58fe198bc759a9ebd6701c94c6a2a7ec8611a3c9fb1ebba
# CentOS-Stream-GenericCloud-9-20230516.0.x86_64.qcow2: 1023676928 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230516.0.x86_64.qcow2) = 1f5688026c9bc89b24965368da6fb93e80e38c521e404158c2f43e21baf0cf68
# CentOS-Stream-GenericCloud-9-20230523.0.x86_64.qcow2: 1080652288 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230523.0.x86_64.qcow2) = 47dca0f014aff27bad5a4156f7ce3168fc339546d6e66bfaf52617a773f05bf0
# CentOS-Stream-GenericCloud-9-20230530.1.x86_64.qcow2: 1076760064 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230530.1.x86_64.qcow2) = 26d0e102a74a4b24e03792e1ac6d73f26552a44dfd3e52a350b17a9e0da10efd
# CentOS-Stream-GenericCloud-9-20230605.0.x86_64.qcow2: 1058114048 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230605.0.x86_64.qcow2) = 6193a49c545425f99d23f59ea792f79a7a6b2e3557fc2d3f6d42c3e5274061de
# CentOS-Stream-GenericCloud-9-20230605.0.x86_64.qcow2: 1058114048 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230605.0.x86_64.qcow2) = 6193a49c545425f99d23f59ea792f79a7a6b2e3557fc2d3f6d42c3e5274061de

so it can't be used to verify the latest CentOS-Stream-GenericCloud-9-latest.x86_64.qcow2 file.

Version-Release number of selected component (if applicable):

CentOS Stream 9

How reproducible:


Steps to Reproduce:
1. Download the https://cloud.centos.org/centos/9-stream/x86_64/images/CentOS-Stream-GenericCloud-9-latest.x86_64.qcow2 file
2. Download the https://cloud.centos.org/centos/9-stream/x86_64/images/CHECKSUM file
3. Run the following command:
   sha256sum -c CHECKSUM

Actual results:

It fails with the following output:

Expected results:

It should pass the check:

    CentOS-Stream-GenericCloud-9-latest.x86_64.qcow2: OK

Additional info:

We cannot verify the content and use the latest image
Comment 1 Adam Samalik 2023-06-15 10:26:11 UTC 
Thanks for reporting this!

The latest image is technically just a symlink to the "dated" image. So right now these two should be the same:
CentOS-Stream-GenericCloud-9-latest.x86_64.qcow2
CentOS-Stream-GenericCloud-9-20230612.0.x86_64.qcow2

But the -latest one isn't listed, you're right. 


As a workaround, can you please use the "dated" image? (Or check the checksum of the -latest against the dated entry?)


I opened https://issues.redhat.com/browse/CS-1643 to track the work.
Comment 2 Delyan Yanev 2023-06-15 10:43:58 UTC 
This workaround is not very useful in the CI/CD cycle because we need to use the "latest" static image name and if the content of the checksum and name of the image is not part of the checksum files the verification will failed with "No such file or directory".
Comment 3 Troy Dawson 2023-06-15 14:38:17 UTC 
You are correct.
When I setup the -latest things, my mind totally blanked on how checksums are used.
I've already got a fix in our scripts.
Next weeks push out of the weekly compose should have things correct.
Comment 4 Delyan Yanev 2023-06-15 16:06:35 UTC 
Thank you for your support and help.
Comment 5 Delyan Yanev 2023-06-19 06:25:52 UTC 
Could you adapt also the other cases 2214173 and 2214178. Thanks in advance.
Comment 6 Troy Dawson 2023-06-20 17:02:55 UTC 
I can fix CentOS Stream 8's (2214173) but not CentOS Linux 7 (2214178).  I have no access to the 7 infrastructure.

Note: We had some compose failures on this weeks CentOS Stream 8 and 9 production composes, so this weeks releases are taking longer than usual.
Comment 7 Troy Dawson 2023-06-27 18:06:25 UTC 
I have verified that this has been fixed with this weeks compose release.
Comment 8 Delyan Yanev 2023-06-28 08:47:59 UTC 
Confirmed. Thank you very much for your support.