Hide Forgot
Description of problem: To read an image file off a burned optical disc, one needs to know the file size. If the image file is an ISO 9660-compliant ISO file, this can be determined from the Volume Space Size in the ISO header. However, some Fedora image files are not, and the size is larger than that indicated by the Volume Space Size, for example live images and some recent netinst images (and in the case of 16-Alpha.TC1, even the x86_64 DVD image) - see bug 585006. In fact, according to https://bugzilla.redhat.com/show_bug.cgi?id=585006#c89 , the padding may soon be arbitrary data and not simply zeroes, making it impossible to deduce. The size of an image may be time-consuming or even impossible to find online (not all Fedora images are archived). Also, being able to do an external verification of a burned disc's checksum is important for the following reasons: 1) The disc's built-in mediacheck may either not exist (for example the F15 netinst images) or may not work (for example bug 692135). 2) If one gets a burned disc from someone else, to verify that the disc isn't evil they need to match the disc contents to the official checksum. So I propose that for each "ISO" checksum line, adding a comment line giving the size in bytes, for example # Fedora-16-Alpha.TC1-x86_64-DVD.iso: 3589275648 bytes 7feefb939232512fe74dc8adb5aaf197988b99315d357037ca287fc1ea10e29c *Fedora-16-Alpha.TC1-x86_64-DVD.iso
Another reason for considering this - not a matter of necessity, but still - one of the most common forms of download corruption is simple truncation, and when downloading with a browser (Firefox, at least) as opposed to something like wget, you can't see the target file's exact size in bytes.
Are you talking about sha256 sums in *-CHECKSUM lines? These are created by sha256sum called by pungi, not by isomd5sum. If I understand it correctly the primary purpose of md5sum implanted in DVDs is to check the integrity of actual physical medium (not of the iso image - for security purposes there is the sha256 sum)
I don't understand your question. I'm proposing that the content of the Fedora-*-*-CHECKSUM file be modified by inserting a comment containing the size for each ISO file, as shown in my example in comment 0, so for example instead of # The image checksum(s) are generated with sha256sum. cebebc227314457d0a584252ab1b6cc5744d400bb376d8b4855107be29e19865 *Fedora-16-Alpha-i386-DVD.iso 6c406b07b6a51e9c5f4308708a12375edc30b74cdd81b6119afa5b79755bcc12 *Fedora-16-Alpha-i386-netinst.iso the checksum file would be # The image checksum(s) are generated with sha256sum. # Fedora-16-Alpha-i386-DVD.iso: 3438059520 bytes cebebc227314457d0a584252ab1b6cc5744d400bb376d8b4855107be29e19865 *Fedora-16-Alpha-i386-DVD.iso # Fedora-16-Alpha-i386-netinst.iso: 132194304 bytes 6c406b07b6a51e9c5f4308708a12375edc30b74cdd81b6119afa5b79755bcc12 *Fedora-16-Alpha-i386-netinst.iso I don't know what software would be responsible for creating the extra comment lines (I originally assigned this bug to "distribution" and it was reassigned).
Pungi runs that for the traditional install media. It is ran by hand for the live images. Patches welcome at this point.
I don't know Python, but it looks like the checksum lines are created by pungi-2.9/src/pypungi/__init__.py, line 978: checkfile.write("%s *%s\n" % (checksum.replace('sha256:', ''), os.path.basename(path))) So one could put one line before this to generate the byte size comment line. But since the checksum files are currently made by hand for live images, would it make sense to just use a little script run inside the ISO directory and call it for both install and live images, for example #!/bin/sh echo \# The image checksum\(s\) are generated with sha256sum. for i in *.iso ; do echo \# "$i" : `stat -c %s "$i"` bytes sha256sum -b "$i" done instead of doing it inside pungi? (Of course the script that calls this would have to redirect to the correct file name.)
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle. Changing version to '19'. (As we did not run this process for some time, it could affect also pre-Fedora 19 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
This message is a notice that Fedora 19 is now at end of life. Fedora has stopped maintaining and issuing updates for Fedora 19. It is Fedora's policy to close all bug reports from releases that are no longer maintained. Approximately 4 (four) weeks from now this bug will be closed as EOL if it remains open with a Fedora 'version' of '19'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 19 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
pungi-4.1.13-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-803e6bacb4
pungi-4.1.13-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-803e6bacb4
pungi-4.1.13-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.