Bug 1062

Summary: Release media should have a "verify media" option to check the checksum of the burnt files
Product: Mageia Reporter: Filip Komar <filip.komar>
Component: Release (media or process)Assignee: Thierry Vignaud <thierry.vignaud>
Status: RESOLVED WONTFIX QA Contact:
Severity: enhancement    
Priority: Normal CC: davidwhodgins, j.alberto.vc, marja11
Version: CauldronKeywords: Junior_job
Target Milestone: ---   
Hardware: i586   
OS: Linux   
See Also: https://bugs.mageia.org/show_bug.cgi?id=894
Whiteboard:
Source RPM: drakx-installer-images draklive-install CVE:
Status comment:

Description Filip Komar 2011-04-29 20:07:49 CEST 
Description of problem:
At least Mageia 1 Beta 2 DVD 32 bit and also Live KDE CD is in serious lack of MD5SUM files. This could lead to trouble when installing or updating from optical media. Many bug reports could turn out false. I suspect at least this one: https://bugs.mageia.org/show_bug.cgi?id=894

Version-Release number of selected component (if applicable):
all rpm files and most others on CD or DVD

How reproducible:
always


Steps to Reproduce:
1. reading media

Suggestion: install program should have a menu entry for checking media during install.
Filip Komar 2011-04-29 20:09:59 CEST

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=894

Comment 1 Ahmad Samir 2011-04-29 20:30:00 CEST 
Modifying summary accordingly then.

Severity: major => enhancement
Component: Installation => Release (media, process)
Summary: MD5SUM files are absent. No way to check optical media after burning. => Release media should have a "verify media" option to check the checksum of the burnt ISO's
Source RPM: (almost) all => (none)

Comment 2 Marja Van Waes 2011-10-11 22:52:45 CEST 
@ Filip

Am I correct when I understand you want to be able to check the md5sum of every single rpm on the Mageia CD's and DVD's while installing Mageia?

If so, why isn't:
* checking the md5sum of the iso before you start burning it + 
* letting your burner check the burnt CD/DVD
good enough?

If I misunderstand, could you please make more clear what you want (if you still want it)?

CC: (none) => marja11
Keywords: (none) => NEEDINFO

Comment 3 Dave Hodgins 2011-10-12 04:01:08 CEST 
With the Knoppix dvd, at the start, instead of pressing enter to start
knoppix, you can enter "knoppix testcd".

There's a file in the KNOPPIX with the sha1 sums of 31 files on the
dvd, including one for the almost 4GB KNOPPIX file, which is actually
a script containing an iso image within the iso.

The KNOPPIX script starts with
#!/bin/sh
#V2.0 Format
modprobe cloop file=$0 && mount -r -t iso9660 /dev/cloop $1
exit $?
followed by the iso contents.

That script mounts the iso that it contains, and then exits.

In the minirt.gz (the knoppix version of initrd), part of the script has
# Check files in KNOPPIX/sha1sums
check_sha1sums(){
 local RC="0"
 local sum currentsum file relax
 [ -r /mnt-system/"$knoppix_dir"/sha1sums ] || return 0
 while read sum file; do
  file="$(echo "${file#\*}" | sed "s,KNOPPIX/,$knoppix_dir/,g")"
  [ -r /mnt-system/"$file" ] || continue
  echo -n "${CRE}${YELLOW}$CHECKING ${CYAN}$file...${NORMAL}"
  read currentsum relax <<EOT
$(sha1sum /mnt-system/"$file")
EOT
  [ "$currentsum" = "$sum" ] || { echo -e "${RED}$FAILED${NORMAL}"; RC="1"; }
 done </mnt-system/"$knoppix_dir"/sha1sums
 return "$RC"
}

After calling the above, if the checksums are ok, it will continue to
start knoppix.  If not, it will display a message, and wait for user
input.

This ensures no burn errors, no physical damage to the dvd, since
burning, and the reader doesn't have a lens that's too dirty to read
the media.  More than once, I've found out by using this that I
needed to clean the lens of a dvd reader.

CC: (none) => davidwhodgins

Marja Van Waes 2011-10-12 06:46:57 CEST

Assignee: bugsquad => thierry.vignaud
Source RPM: (none) => drakx-installer-stage2 draklive-install
Keywords: NEEDINFO => (none)

Marja Van Waes 2011-10-12 06:49:11 CEST

Summary: Release media should have a "verify media" option to check the checksum of the burnt ISO's => Release media should have a "verify media" option to check the checksum of the burnt files

Thierry Vignaud 2011-10-12 07:33:16 CEST

Source RPM: drakx-installer-stage2 draklive-install => drakx-installer-images draklive-install
Keywords: (none) => Junior_job

Comment 4 Marja Van Waes 2012-01-16 21:19:26 CET 
Pinging. because nothing happened to this report since more than 3 months ago, and it still has the status NEW or REOPENED.

@ Thierry
Please set status to ASSIGNED if you think this bug was assigned correctly. If for work flow reasons you can't do that, then please put OK on the whiteboard instead.
Comment 5 Marja Van Waes 2012-05-26 13:05:02 CEST 
Hi,

This bug was filed against cauldron, but we do not have cauldron at the moment.

Please report whether this bug is still valid for Mageia 2.

Thanks :)

Cheers,
marja

Keywords: (none) => NEEDINFO

Comment 6 Dave Hodgins 2012-05-28 02:01:22 CEST 
Keeping as cauldron for Mageia 3 installer.

Keywords: NEEDINFO => (none)

Comment 7 katnatek 2023-09-23 18:33:31 CEST 
Many time inactive , any advance on this? 
Or should be closed?
katnatek 2023-09-23 19:18:46 CEST

CC: (none) => j.alberto.vc

Comment 8 Dave Hodgins 2023-09-23 20:24:14 CEST 
Most people now use flash drives (usb sticks), not optical media. isodumper,
which is the preferred method of copying an iso image to a usb stick includes
verification of the copied images using the sum files and the gpg signatures.

There are many ways of running the installer from flash drives, optical drives,
or from hard drives now. It may be running on real hardware, a virtual os
(virtual box, xen), using chroot, or systemd-nspawn.

Changing the installer to handle the wide variety of installation methods to
verify the integrity is much more complicated than it used to be.

Closing as wontfix.

Resolution: (none) => WONTFIX
Status: NEW => RESOLVED