I went to try an install of ArchLinuxARM to my first BeagleBone Black, but the rootfs tarball does not match the MD5 or GPG signature. (Being more familiar with the Raspberry Pi, I double-checked and the MD5 and GPG signatures are fine for its files.)
Since I try to make sure I get in the habit of always checking these things, I was a little concerned and thought I would ask and see if they could be checked and/or updated.
$this->bbcode_second_pass_code('', '[root@arch]# ls -1 *-am33x-*.tar.gz*
ArchLinuxARM-2015.04-am33x-rootfs.tar.gz
ArchLinuxARM-2015.04-am33x-rootfs.tar.gz.md5
ArchLinuxARM-2015.04-am33x-rootfs.tar.gz.sig')
$this->bbcode_second_pass_code('', '[root@arch]# md5sum -c *.md5
ArchLinuxARM-2015.04-am33x-rootfs.tar.gz: FAILED
md5sum: WARNING: 1 computed checksum did NOT match
BeagleBone-bootloader.tar.gz: OK')
$this->bbcode_second_pass_code('', '[root@arch]# cat ArchLinuxARM-2015.04-am33x-rootfs.tar.gz.md5
6f37c1b3168669212a36a59a69ba5123 ArchLinuxARM-2015.04-am33x-rootfs.tar.gz
[root@arch]# md5sum ArchLinuxARM-2015.04-am33x-rootfs.tar.gz
d41d8cd98f00b204e9800998ecf8427e ArchLinuxARM-2015.04-am33x-rootfs.tar.gz')
$this->bbcode_second_pass_code('', '[root@arch]# gpg --verify *.sig
gpg: assuming signed data in 'ArchLinuxARM-2015.04-am33x-rootfs.tar.gz'
gpg: Signature made Wed 01 Apr 2015 01:11:12 PM EDT using RSA key ID 2BDBE6A6
gpg: BAD signature from "Arch Linux ARM Build System <builder@archlinuxarm.org>" [unknown]')
-Jason
P.S. I have been having a blast using Arch Linux on the Raspberry Pi's, it having been a number of years since I've done much of anything with Linux other than the occasional server, VM or Docker container. What fun!
Bad MD5 & GPG sig for 2015.04 BBB rootfs tarball
6 posts
• Page 1 of 1
Bad MD5 & GPG sig for 2015.04 BBB rootfs tarball
by jps3 » Thu Apr 16, 2015 12:05 am
- jps3
- Posts: 5
- Joined: Wed Apr 15, 2015 11:46 pm
Re: Bad MD5 & GPG sig for 2015.04 BBB rootfs tarball
by jps3 » Thu Apr 16, 2015 12:55 am
Hm. Ok. Weird. I downloaded them again, and now they check out. Perhaps original downloads were from different mirrors?
- jps3
- Posts: 5
- Joined: Wed Apr 15, 2015 11:46 pm
Re: Bad MD5 & GPG sig for 2015.04 BBB rootfs tarball
by WarheadsSE » Thu Apr 16, 2015 1:35 pm
Or you got them in the middle of an update?
As for the signature ... well, it says clearly.
$this->bbcode_second_pass_code('', 'gpg: BAD signature from "Arch Linux ARM Build System <builder@archlinuxarm.org>" [unknown]')
As for the signature ... well, it says clearly.
$this->bbcode_second_pass_code('', 'gpg: BAD signature from "Arch Linux ARM Build System <builder@archlinuxarm.org>" [unknown]')
- WarheadsSE
- Developer
- Posts: 6807
- Joined: Mon Oct 18, 2010 2:12 pm
Re: Bad MD5 & GPG sig for 2015.04 BBB rootfs tarball
by jps3 » Thu Apr 16, 2015 4:30 pm
I was guessing at how to check by the *.sig files. My first attempt said I did not have that key in the keychain. I couldn't find any documentation on the archlinuxarm.org web site about their use of, or source for, said keys if using the *.sig files to check validity.
And, yes, it's helpful that the GPG verification failure backed up the md5sum check result.
And, yes, it's helpful that the GPG verification failure backed up the md5sum check result.
- jps3
- Posts: 5
- Joined: Wed Apr 15, 2015 11:46 pm
Re: Bad MD5 & GPG sig for 2015.04 BBB rootfs tarball
by WarheadsSE » Thu Apr 16, 2015 4:50 pm
I'll see about getting the documentation updated as necessary here.
EDIT: nvm
http://archlinuxarm.org/about/package-signing
EDIT: nvm
http://archlinuxarm.org/about/package-signing
- WarheadsSE
- Developer
- Posts: 6807
- Joined: Mon Oct 18, 2010 2:12 pm
Re: Bad MD5 & GPG sig for 2015.04 BBB rootfs tarball
by jps3 » Thu Apr 16, 2015 5:34 pm
#headdesk || #facepalm
Thank you.
Thank you.
- jps3
- Posts: 5
- Joined: Wed Apr 15, 2015 11:46 pm
6 posts
• Page 1 of 1
Return to Texas Instruments (TI)
Who is online
Users browsing this forum: No registered users and 16 guests