Description of problem: new M7-beta3 isos no longer include sha512 signature file and isodumper reports a warning: Target Device: Lexar USB Flash Drive (/dev/sdb) 7646.0Mb Image : /isos/M7/live 32 xfce/Mageia-7-beta3-Live-Xfce-i586.iso Executing copy from /isos/M7/live 32 xfce/Mageia-7-beta3-Live-Xfce-i586.iso to /dev/sdb Image Mageia-7-beta3-Live-Xfce-i586.iso successfully written to /dev/sdb Bytes written: 2175234048 The sha512 sum check is OK but the signature can't be found. the new .isos filesets include a file similar to this: Mageia-7-beta3-Live-GNOME-x86_64.iso.sha3 Version-Release number of selected component (if applicable): How reproducible:always Steps to Reproduce: 1. create a bootable USB from the new M7-beta3 .isos using Isodumper 2.check the report window at completion 3.
I can't find anything about "checksum" or "sha3" in isodumper's git log, so assuming this needs to be fixed in cauldron, too.
Source RPM: (none) => isodumperAssignee: bugsquad => mageiatoolsWhiteboard: (none) => MGA6TOOVersion: 6 => CauldronCC: (none) => marja11, yves.brungard_mageia
This isn't quite right - it's the sha1 sum that's been obsoleted, not the sha512 sum. > The sha512 sum check is OK but the signature can't be found. This is warning that the GPG signature is missing. The GPG signature is only added when the ISOs are publicly released.
CC: (none) => mageia
Hello, With accurate reading, this is only signature file which is lacking. The sum has been calculated and checked: > The sha512 sum check is OK The tradition is to sign only released ISO, which is not yet the case for beta3. Isodumper uses hashlib to calculate the sum. The documentation reports that sha3 sums are available since Python 3.6, however Mageia 6 runs with Python 3.5 only. I presume this will be not be easily fixed for sha3 sum. Thus we will have to use another sum to check. Which ones are provided ? md5 ? In the same time, I don't found the command in bash to check the sha3 sum. In Mageia 6, I found: sha sha1sum sha256sum sha512sum sha224sum sha384sum What is the command?
(In reply to Martin Whitaker from comment #2) > > The GPG signature is only > added when the ISOs are publicly released. Is there a reason not to do this for ISOs not yet released? We have also to adapt our documentation and website for the next release. What is the new policy, thus?
It isn't currently available in Mageia 6. It can be used by installing the Mageia 7 rpm packages for now (in a Mageia 6 system) ... sha3sum-1.1.5-1.mga7 lib64keccak1-1.2-1.mga7 Changing isodumper to support sha3sums will require adding those packages to Mageia 6. While the packages would be an addition for the stable release, that addition would fit into our exceptions as it's required for the bugfix update to isodumper. My guess as to why they are not generated for iso images prior to release is that someone has to ssh into rabbit to enter the gpg passphrase manually.
CC: (none) => davidwhodgins
(In reply to Martin Whitaker from comment #2) > This isn't quite right - it's the sha1 sum that's been obsoleted, not the > sha512 sum. > Ah, good, I was worrying that I had missed something. Adjusting the summary.
Summary: please update Isodumper to check sha3 as sha512 has been obseleted => please update Isodumper to check sha3 as sha1 has been obsoleted
As DavidWH said on the ML earlier this week, the check needs package sha3sum (urpmi finds it). This includes commands: sha3-224sum, sha3-256sum, sha3-384sum and sha3-512sum
Fixed with IsoDumper 1.17 release.
Resolution: (none) => FIXEDStatus: NEW => RESOLVED