Bug 2214169 - Unable to verify checksum of the image in latest centos:stream9 image
Summary: Unable to verify checksum of the image in latest centos:stream9 image
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: distribution
Version: CentOS Stream
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Troy Dawson
QA Contact: Release Test Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-06-12 07:44 UTC by Delyan Yanev
Modified: 2023-06-28 08:47 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-06-27 18:06:25 UTC
Type: Bug
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-159483 0 None None None 2023-06-12 07:49:19 UTC

Description Delyan Yanev 2023-06-12 07:44:09 UTC
Description of problem:

Although there are "latest" image for CentOS 9 Stream images (e.g. https://cloud.centos.org/centos/9-stream/x86_64/images/CentOS-Stream-GenericCloud-9-latest.x86_64.qcow2) there is no checksum of the latest image into checksum file https://cloud.centos.org/centos/9-stream/x86_64/images/CHECKSUM.
Instead they contain check-sums of "timestamped" files.

For example, the https://cloud.centos.org/centos/9-stream/x86_64/images/CHECKSUM file has the following content:

    # CentOS-Stream-GenericCloud-9-20220621.1.x86_64.qcow2: 866518016 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20220621.1.x86_64.qcow2) = 4f3b7219ae0fd1b77546ccbdadbd585739f690f505f3f2f4b326234c3c7d4742
# CentOS-Stream-GenericCloud-9-20220718.0.x86_64.qcow2: 911226368 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20220718.0.x86_64.qcow2) = bd2b244be4ec4900d4a53500b4681e1df1691477e4b686bc588aad4c8436485c
# CentOS-Stream-GenericCloud-9-20220829.0.x86_64.qcow2: 950435328 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20220829.0.x86_64.qcow2) = 2473d6ed489abd1267c794933b10f6d2a0b99f261c90d1033c6442c834044f2e
# CentOS-Stream-GenericCloud-9-20220914.0.x86_64.qcow2: 950457856 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20220914.0.x86_64.qcow2) = b6f9957099939546fe3767660728ee9eba93fc61adaa469fcecb956ba4bb85de
# CentOS-Stream-GenericCloud-9-20221024.0.x86_64.qcow2: 934675456 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20221024.0.x86_64.qcow2) = 1ca84aa6a7b52792bdbfe835fefccda8661e756a862aa864a2e1003fba5b9f1f
# CentOS-Stream-GenericCloud-9-20221123.0.x86_64.qcow2: 984195072 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20221123.0.x86_64.qcow2) = ea3301463f91c2a45063b6223bd7af59cae89d4782df261c9664b7e3b5a367a4
# CentOS-Stream-GenericCloud-9-20221219.0.x86_64.qcow2: 962627072 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20221219.0.x86_64.qcow2) = 3cf1dc23896cde2b4e80cab6fb56c21329ebcfbb72d2a758206ec6d5d0e8f43b
# CentOS-Stream-GenericCloud-9-20230116.0.x86_64.qcow2: 986631680 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230116.0.x86_64.qcow2) = 83cc49178283827f2509c86cff15651dfd8bd12841de8bc47383474da48960e1
# CentOS-Stream-GenericCloud-9-20230216.0.x86_64.qcow2: 971965440 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230216.0.x86_64.qcow2) = 722adaa9775672feb4687dd24685d5d1f071f915109b1381c143f1b1c24c7c46
# CentOS-Stream-GenericCloud-9-20230327.0.x86_64.qcow2: 1005593088 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230327.0.x86_64.qcow2) = 3e58e61ef21192cc1ceca7bdf478c70ff2c2a8473811648b5cda200b5e080fc4
# CentOS-Stream-GenericCloud-9-20230501.0.x86_64.qcow2: 1016121344 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230501.0.x86_64.qcow2) = 0055ff05fa5a1fc0954c8a6ae63636fd3a1170c96a1bbd14f2677c3a919b7f0c
# CentOS-Stream-GenericCloud-9-20230508.0.x86_64.qcow2: 1027290624 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230508.0.x86_64.qcow2) = a6e3ef524cb1501bd58fe198bc759a9ebd6701c94c6a2a7ec8611a3c9fb1ebba
# CentOS-Stream-GenericCloud-9-20230516.0.x86_64.qcow2: 1023676928 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230516.0.x86_64.qcow2) = 1f5688026c9bc89b24965368da6fb93e80e38c521e404158c2f43e21baf0cf68
# CentOS-Stream-GenericCloud-9-20230523.0.x86_64.qcow2: 1080652288 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230523.0.x86_64.qcow2) = 47dca0f014aff27bad5a4156f7ce3168fc339546d6e66bfaf52617a773f05bf0
# CentOS-Stream-GenericCloud-9-20230530.1.x86_64.qcow2: 1076760064 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230530.1.x86_64.qcow2) = 26d0e102a74a4b24e03792e1ac6d73f26552a44dfd3e52a350b17a9e0da10efd
# CentOS-Stream-GenericCloud-9-20230605.0.x86_64.qcow2: 1058114048 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230605.0.x86_64.qcow2) = 6193a49c545425f99d23f59ea792f79a7a6b2e3557fc2d3f6d42c3e5274061de
# CentOS-Stream-GenericCloud-9-20230605.0.x86_64.qcow2: 1058114048 bytes
SHA256 (CentOS-Stream-GenericCloud-9-20230605.0.x86_64.qcow2) = 6193a49c545425f99d23f59ea792f79a7a6b2e3557fc2d3f6d42c3e5274061de

so it can't be used to verify the latest CentOS-Stream-GenericCloud-9-latest.x86_64.qcow2 file.

Version-Release number of selected component (if applicable):

CentOS Stream 9

How reproducible:


Steps to Reproduce:
1. Download the https://cloud.centos.org/centos/9-stream/x86_64/images/CentOS-Stream-GenericCloud-9-latest.x86_64.qcow2 file
2. Download the https://cloud.centos.org/centos/9-stream/x86_64/images/CHECKSUM file
3. Run the following command:
   sha256sum -c CHECKSUM

Actual results:

It fails with the following output:

Expected results:

It should pass the check:

    CentOS-Stream-GenericCloud-9-latest.x86_64.qcow2: OK

Additional info:

We cannot verify the content and use the latest image

Comment 1 Adam Samalik 2023-06-15 10:26:11 UTC
Thanks for reporting this!

The latest image is technically just a symlink to the "dated" image. So right now these two should be the same:
CentOS-Stream-GenericCloud-9-latest.x86_64.qcow2
CentOS-Stream-GenericCloud-9-20230612.0.x86_64.qcow2

But the -latest one isn't listed, you're right. 


As a workaround, can you please use the "dated" image? (Or check the checksum of the -latest against the dated entry?)


I opened https://issues.redhat.com/browse/CS-1643 to track the work.

Comment 2 Delyan Yanev 2023-06-15 10:43:58 UTC
This workaround is not very useful in the CI/CD cycle because we need to use the "latest" static image name and if the content of the checksum and name of the image is not part of the checksum files the verification will failed with "No such file or directory".

Comment 3 Troy Dawson 2023-06-15 14:38:17 UTC
You are correct.
When I setup the -latest things, my mind totally blanked on how checksums are used.
I've already got a fix in our scripts.
Next weeks push out of the weekly compose should have things correct.

Comment 4 Delyan Yanev 2023-06-15 16:06:35 UTC
Thank you for your support and help.

Comment 5 Delyan Yanev 2023-06-19 06:25:52 UTC
Could you adapt also the other cases 2214173 and 2214178. Thanks in advance.

Comment 6 Troy Dawson 2023-06-20 17:02:55 UTC
I can fix CentOS Stream 8's (2214173) but not CentOS Linux 7 (2214178).  I have no access to the 7 infrastructure.

Note: We had some compose failures on this weeks CentOS Stream 8 and 9 production composes, so this weeks releases are taking longer than usual.

Comment 7 Troy Dawson 2023-06-27 18:06:25 UTC
I have verified that this has been fixed with this weeks compose release.

Comment 8 Delyan Yanev 2023-06-28 08:47:59 UTC
Confirmed. Thank you very much for your support.


Note You need to log in before you can comment on or make changes to this bug.