Bug 25647 - clamav fails to install due to bad clamav-db-0.100.3-1.mga7.noarch SHA256
Summary: clamav fails to install due to bad clamav-db-0.100.3-1.mga7.noarch SHA256
Status: RESOLVED WORKSFORME
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-11-01 01:26 CET by r howard
Modified: 2019-11-17 12:32 CET (History)
1 user (show)

See Also:
Source RPM:
CVE:
Status comment:


Attachments

Description r howard 2019-11-01 01:26:06 CET
Description of problem:
clamav fails to install due to clamav-db-0.100.3-1.mga7.noarch having bad SHA256

Version-Release number of selected component (if applicable):
 clamav-db 0.100.3 1.mga7
 clamav 0.100.3 1.mga7

How reproducible:
!00% reproducible

Steps to Reproduce:
1. Run "sudo urpmi clamav"
2. The following occurs:

-bash-4.4$ sudo urpmi clamav
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch    
(medium "Core Release")
  clamav                         0.100.3      1.mga7        x86_64  
  clamav-db                      0.100.3      1.mga7        noarch  
167MB of additional disk space will be used.
154MB of packages will be retrieved.
Proceed with the installation of the 2 packages? (Y/n) y


installing clamav-db-0.100.3-1.mga7.noarch.rpm clamav-0.100.3-1.mga7.x86_64.rpm from /var/cache/urpmi/rpms
Preparing...                     ###################################################################
----------------------------------------------------------------------
More information on package clamav-0.100.3-1.mga7.x86_64

----------------------------------------------------------------------
Installation failed:	package clamav-db-0.100.3-1.mga7.noarch does not verify: Payload SHA256 digest: BAD (Expected f7ed5683deabd9f46a36356c9739f2fa8bd8e4a9b40fe10f53658da2cb642526 != e8eaae51943606f4e59f539ade1adf3454e0a27fc6cadf8f829e511b75e29b5e)

Note that this caused a problem when upgrading from Mageia 6. The work around was to uninstall clamav and its dependencies from Mageia 6 so I could complete the upgrade.
Comment 1 Lewis Smith 2019-11-01 10:25:57 CET
To see whether this problem is global, I tried test installing clamav:

# urpmi --test clamav
I fodloni dibyniaethau, gosodir y pecynnau canlynol:
(prawf yn unig, ni fydd yn cael ei osod)
  Pecyn                          Fersiwn      Rhifyn        Arch    
(cyfrwng "Core Release")
  clamav                         0.100.3      1.mga7        x86_64  
  clamav-db                      0.100.3      1.mga7        noarch  
  lib64clamav7                   0.100.3      1.mga7        x86_64  
Defnyddir 169MB o le ychwanegol ar y disg.
Estynnir 155MB o becynnau.
Parhau i osod 3 o becynnau? (Y/n) y
    $MIRRORLIST: media/core/release/lib64clamav7-0.100.3-1.mga7.x86_64.rpm
    $MIRRORLIST: media/core/release/clamav-0.100.3-1.mga7.x86_64.rpm           
    $MIRRORLIST: media/core/release/clamav-db-0.100.3-1.mga7.noarch.rpm
... [everything downloaded]
wrthi'n gosod lib64clamav7-0.100.3-1.mga7.x86_64.rpm clamav-0.100.3-1.mga7.x86_64.rpm clamav-db-0.100.3-1.mga7.noarch.rpm o /var/cache/urpmi/rpms
Wrthi'n paratoi...               #############################################
Gellir gosod
 which says "installing ... ; preparing; installation possible".
 NO SHA256 error.

To test it further, I actually installed it:

# urpmi clamav
I fodloni dibyniaethau, gosodir y pecynnau canlynol:
  Pecyn                          Fersiwn      Rhifyn        Arch    
(cyfrwng "Core Release")
  clamav                         0.100.3      1.mga7        x86_64  
  clamav-db                      0.100.3      1.mga7        noarch  
  lib64clamav7                   0.100.3      1.mga7        x86_64  
Defnyddir 169MB o le ychwanegol ar y disg.
Estynnir 155MB o becynnau.
Parhau i osod 3 o becynnau? (Y/n) y
wrthi'n gosod clamav-db-0.100.3-1.mga7.noarch.rpm lib64clamav7-0.100.3-1.mga7.x86_64.rpm clamav-0.100.3-1.mga7.x86_64.rpm o /var/cache/urpmi/rpms
Wrthi'n paratoi...               ###########################################
      1/3: lib64clamav7          ###########################################
      2/3: clamav-db             ###########################################
      3/3: clamav                ###########################################
Warning: Problems encountered when activating services.
  Please check and enable manually if necessary.
  Service units affected: freshclam.service
[/usr/lib/tmpfiles.d/postgresql.conf:1] Line references path below legacy directory /var/run/, updating /var/run/postgresql → /run/postgresql; please update the tmpfiles.d/ drop-in file accordingly.

 So despite the concluding complaints, it installed OK without the checksum error.

# systemctl -l status clamav-freshclam
● clamav-freshclam.service - ClamAV virus database updater
   Loaded: loaded (/usr/lib/systemd/system/clamav-freshclam.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
   ...
# systemctl start clamav-freshclam
# systemctl status clamav-freshclam
● clamav-freshclam.service - ClamAV virus database updater
   Loaded: loaded (/usr/lib/systemd/system/clamav-freshclam.service; disabled>
   Active: active (running) since Fri 2019-11-01 10:04:21 CET; 14s ago
   ...
 Main PID: 22785 (freshclam)
   Memory: 122.2M
   CGroup: /system.slice/clamav-freshclam.service
           └─22785 /usr/bin/freshclam -d --foreground=true
[Then lots of WARNINGs about not being able to download updates, diffs, but which ended OK]:
localhost.localdomain freshclam[22785]: Downloading daily.cvd [100%]
--------------------------------------------------------------------
So this looks like a faulty download of clamav-db; can you please try:
 # urpme clamav       [in case it is partly installed]
 # urpmi --clean      [to clear out the package cache /var/cache/urpmi/rpms]
then re-try the download & installation. If that fails as previously, please try a different mirror if possible.

CC: (none) => lewyssmith

Comment 2 David Walser 2019-11-01 14:19:40 CET
It should probably be updated to a current version too.

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=25231

Comment 3 r howard 2019-11-01 19:50:07 CET
Lewis I tried your suggestion of running
 # urpme clamav 
 # urpmi --clean

I then ran
 #urpmi clamav

The same problem occurred with bad SHA256.
Could it be that the mirror that urpm is pulling from is corrupted?

After cleaning again I have run it for a third time in verbose mode with a similar result.

-bash-4.4$ sudo urpmi --verbose clamav
getting lock on urpmi
using mirror http://mirrors.kernel.org/mageia/distrib/7/x86_64
examining synthesis file [/var/lib/urpmi/Core Release/synthesis.hdlist.cz]
examining synthesis file [/var/lib/urpmi/Core Updates/synthesis.hdlist.cz]
examining synthesis file [/var/lib/urpmi/Nonfree Release/synthesis.hdlist.cz]
examining synthesis file [/var/lib/urpmi/Nonfree Updates/synthesis.hdlist.cz]
examining synthesis file [/var/lib/urpmi/Tainted Release/synthesis.hdlist.cz]
examining synthesis file [/var/lib/urpmi/Tainted Updates/synthesis.hdlist.cz]
getting exclusive lock on rpm
found package(s): clamav-0.100.3-1.mga7.x86_64
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch    
(medium "Core Release")
  clamav                         0.100.3      1.mga7        x86_64  
  clamav-db                      0.100.3      1.mga7        noarch  
  lib64clamav7                   0.100.3      1.mga7        x86_64  
169MB of additional disk space will be used.
155MB of packages will be retrieved.
Proceed with the installation of the 3 packages? (Y/n) y


retrieving rpm files from medium "Core Release"...
    $MIRRORLIST: media/core/release/clamav-0.100.3-1.mga7.x86_64.rpm
    $MIRRORLIST: media/core/release/clamav-db-0.100.3-1.mga7.noarch.rpm                              
    $MIRRORLIST: media/core/release/lib64clamav7-0.100.3-1.mga7.x86_64.rpm                           
retrieved $MIRRORLIST media/core/release clamav-0.100.3-1.mga7.x86_64.rpm clamav-db-0.100.3-1.mga7.noarch.rpm lib64clamav7-0.100.3-1.mga7.x86_64.rpm
...retrieving done
installing clamav-db-0.100.3-1.mga7.noarch.rpm lib64clamav7-0.100.3-1.mga7.x86_64.rpm clamav-0.100.3-1.mga7.x86_64.rpm from /var/cache/urpmi/rpms
starting installing packages
created transaction for installing on / (remove=0, install=0, upgrade=3)
Preparing...                     ###################################################################
----------------------------------------------------------------------
More information on package clamav-0.100.3-1.mga7.x86_64

----------------------------------------------------------------------
Installation failed:
	package clamav-db-0.100.3-1.mga7.noarch does not verify: Payload SHA256 digest: BAD (Expected f7ed5683deabd9f46a36356c9739f2fa8bd8e4a9b40fe10f53658da2cb642526 != a072638fd80ac358ff4f09d5ee9f133a7687647390f5561f1d4e75ed2311ce0f)

Installation failed:	package clamav-db-0.100.3-1.mga7.noarch does not verify: Payload SHA256 digest: BAD (Expected f7ed5683deabd9f46a36356c9739f2fa8bd8e4a9b40fe10f53658da2cb642526 != a072638fd80ac358ff4f09d5ee9f133a7687647390f5561f1d4e75ed2311ce0f)
unlocking urpmi database
unlocking rpm database
Comment 4 Lewis Smith 2019-11-01 21:07:57 CET
 Thank you for your efforts.

(In reply to r howard from comment #3)
> Lewis I tried your suggestion of running
>  # urpme clamav 
>  # urpmi --clean
> I then ran
>  #urpmi clamav
> The same problem occurred with bad SHA256.
> Could it be that the mirror that urpm is pulling from is corrupted?
The package rather than the mirror. It certainly looks like this at present.

I already suggested:
> If that fails as previously, please try a different mirror if possible.
Can you please try this?

If the clamav-db SHA256 checksum still fails,  please do:
 $ sha256sum /var/cache/urpmi/rpms/<rpm filename>
and post the result here. I can re-download (yawn) the package (I uninstalled it...) and do the same for comparison.
--------------------------------------
(In reply to David Walser from comment #2)
> It should probably be updated to a current version too.
Well, the version we are both seeing is 'clamav-0.100.3-1.mga7'. If there is a more recent one, how do we get it pushed? clamav has no specific maintainer.
Comment 5 r howard 2019-11-14 18:35:57 CET
I eventually got clamav-db-0.100.3-1.mga7.noarch to download and install after multiple attempts. Not sure  what caused the original problem. Maybe a routing glitch between my system and the mirror host?  I notice that after each failed attempt the bad payload value was different. I should have attempted to download the file directly at the time the error was occurring and run sah256 against it to get a better idea if it was a network problem. (not the rpm in question is quite large). If I see this type of problem in future I can try that to help determine the source of the problem.

Feel free to close this.
Comment 6 r howard 2019-11-14 18:49:16 CET
Lewis the latest stable release of clamav is 0.102.0  See https://www.clamav.net/downloads
For the release notes see https://blog.clamav.net/2019/10/clamav-01020-has-been-released.html. Probably should create an update request for that.
Comment 7 Lewis Smith 2019-11-17 12:32:27 CET
(In reply to r howard from comment #5)
> Feel free to close this.
Thanks; doing.

(In reply to r howard from comment #6)
> Lewis the latest stable release of clamav is 0.102.0See
> https://www.clamav.net/downloads
> Probably should create an update request for that.
Thanks for the pointer; please do.
Significant version jumps are often accommodated by the next Mageia release rather than the current one, because of potential incompatibilities. They can be done as regular updates if this is not the case. A lot depends on whether the current Mageia version is still supported upstream.

Resolution: (none) => WORKSFORME
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.