#StackBounty: #apt #package-management #dpkg #hashsum VirutalBox: apt download / hashing problem (APT Hash Sum Mismatch)

Bounty: 50

I’m trying to install docker with apt from the https://download.docker.com/linux/debian/ repo.

Unfortunately installation always fails with a hash mismatch warning. I have already tried everything suggested in this post https://askubuntu.com/questions/41605/trouble-downloading-packages-list-due-to-a-hash-sum-mismatch-error without any success.

The thing is when I compare the hash of the following error

Fetched 21.4 MB in 17s (1,290 kB/s)                                                                                          
E: Failed to fetch https://download.docker.com/linux/debian/dists/buster/pool/stable/amd64/containerd.io_1.2.13-2_amd64.deb  Hash Sum mismatch
   Hashes of expected file:
    - SHA512:e0432c524abf9d915d42eab87c0a6cf4bd589cf2f250652253f98099c7961196f59ea0eb3f5683b05eafd969254e614739dc5681da0573b09a2eab64ab4efcfd
    - SHA256:71209f4a958d94639cba81ba3469d0aa9eff3da484106580959f5cf1fd116666
    - SHA1:08fd3a4a4e82a1c0452c6bbd5803b19315c7e968 [weak]
    - MD5Sum:2ed3788e04a8a8787ea83b8b3a00152f [weak]
    - Filesize:21404482 [weak]
   Hashes of received file:
    - SHA512:24c80b4371056e0b7c34a7e9abde3ee62ecfb8ee5dbbb8db4a48104b16574749588ca00f71bc4d7c4fe148a9f706e86a9a2b4ac1f5f7955bfb316950f093de49
    - SHA256:81753f427efcc308215d8a604e020743ab86ff2c45d67d86f35291d14550e203
    - SHA1:316d0bbe37b28c9da64bfa263e2b31a3bbe7199e [weak]
    - MD5Sum:8dacbbff65f077d567ab1bff2cc2ad4b [weak]
    - Filesize:21404482 [weak]
   Last modification reported: Fri, 15 May 2020 03:23:56 +0000
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

with the output of md5sum containerd.io_1.2.13-2_amd64.deb (file downloaded manually from https://download.docker.com/linux/debian/dists/buster/pool/stable/amd64/containerd.io_1.2.13-2_amd64.deb)

I get the md5 hash 2ed3788e04a8a8787ea83b8b3a00152f containerd.io_1.2.13-2_amd64.deb which is exactly what apt claims is the expected value.

So my only guess is that apt is either downloading something wrong or hashes the wrong way. This sound quite strange to me and I could not find any help searching for this.

Here is my sources.list

$ cat /etc/apt/sources.list

# deb cdrom:[Official Debian GNU/Linux Live 10.4.0 xfce 2020-05-09T10:59]/ buster main

# deb cdrom:[Official Debian GNU/Linux Live 10.4.0 xfce 2020-05-09T10:59]/ buster main

deb http://ftp.tu-clausthal.de/debian/ buster main
deb-src http://ftp.tu-clausthal.de/debian/ buster main

deb http://security.debian.org/debian-security buster/updates main
deb-src http://security.debian.org/debian-security buster/updates main

# buster-updates, previously known as 'volatile'
deb http://ftp.tu-clausthal.de/debian/ buster-updates main
deb-src http://ftp.tu-clausthal.de/debian/ buster-updates main

# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.
deb [arch=amd64] https://download.docker.com/linux/debian buster stable

Debian is running in a virtual machine. Host system is Windows 10.

Thanks for any advice!

Get this bounty!!!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.