Download page sha256sum different from downloaded file checksum

Jeff_Dantzler · 14 July 2020 19:54

I downloaded (via torrent)
ubuntu-mate-20.04-beta1-desktop-arm64+raspi.img.xz
on Tue 14 Jul 2020 11:18:03 AM PDT
twice and tried to verify both times the sha256sum of the file.

Both times I got
233c268963637c94a3527b90fce3cf74eeaaf03e9d3a5623457b4b2412778daa ./ubuntu-mate-20.04-beta1-desktop-arm64+raspi.img.xz

but the download page gives a different sha256sum value
Filename |ubuntu-mate-20.04-beta1-desktop-arm64+raspi.img.xz
SHA256SUM 82019e65bf836c10a7f4f787757e6f317ea8b9508f15ee23d25a85ef5107e9bc

After the first discrepancy, I deleted the file and downloaded again, figuring that an error had been introduced. It seems unlikely that the 2nd download would have the same SHA256sum if an error happened.

Direct download gives the same sha256sum as the torrent (i.e. not same as given on download page)

One other member confirmed this discrepancy.

Is it possible that the sha256sum on the download page did not get updated, or is otherwise incorrect?

Thank you.

ugnvs · 14 July 2020 20:34

rpihawth20 · 14 July 2020 22:43

Yes, downloaded 3 times over two days with same result for me.

More importantly, the image did not work. It crashed during the setup application and I was not able to log in with the username/password I supplied.

This is on an RPi 4, 8GB of memory model.

Jeff_Dantzler · 15 July 2020 00:39

Thank you, @rpihawth20.

I've studied some pentesting approaches that use something like a Pi or Beaglebone, and I was hesitant to try to install something with a bad sha256sum, plugged into my network. Thank you for testing that.

That said, I think it is way more likely that the image may have gotten corrupted, and your experience supports that.

Hopefully someone working on the project can look into this.

rpihawth20 · 15 July 2020 06:07

It was noted in the raspberry forum that the sha hashes are swapped between the 32-bit and 64-bit download pages. It's probably not a case of the files being misnamed and in the wrong place since the 64-bit file one is bigger.

Either install should work on Pi4 8GB so hopefully developers will do more testing and hit the same crash. Only other difference in my environment could be use of a household router (Asus)/cable modem for the network connection. The crash happens after confirming the location that setup correctly detects and while waiting for setup to finish as it scrolls through informational pages.

I'm done wasting time until I see a different 64-bit file (totally new sha hash and size).

I have a useful desktopify installation in the meantime.

Jeff_Dantzler · 15 July 2020 15:12

I also plan to wait for a completely different 64 bit file.

franksmcb · 16 July 2020 02:58

I've alerted Wimpy to this. Hopefully there will be a resolution soon.

Jeff_Dantzler · 16 July 2020 16:07

Thank you, @franksmcb.

I used the desktopify script to play around with ubuntu-mate (20) in the mean time.

jfjbelton · 16 July 2020 23:29

I am having the same problem, after downloading the 64-bit version.
In checking the SHA256 through GTKHASH, I have found that the SHA256 generated for the 64-bit download on the Downloads page matches the SHA256 for the 32-bit version.
I haven't tried a to install this download because of the SHA256 error.

Remotepi · 17 July 2020 13:02

The SHA256SUM value
233c268963637c94a3527b90fce3cf74eeaaf03e9d3a5623457b4b2412778daa
actually generated for ubuntu-mate-20.04-beta1-desktop-arm64+raspi.img.xz
is the expected value given on the download page for
ubuntu-mate-18.04.2-beta1-desktop-arm64+raspi3-ext4.img.xz
The reverse is not true

Neo · 23 July 2020 16:48

I didnt see your post and started my own on the same subject.
Here is what I noticed also.

Downloaded a few times on different computers and the check sum is always the same but never matches what is on the download page. Used what is recommended by the site MD5_and_SHA_Checksum_Utility as well as get-file hash in powershell get the same as below every time.
I get
233C268963637C94A3527B90FCE3CF74EEAAF03E9D3A5623457B4B2412778DAA
should be
ubuntu-mate-20.04-beta1-desktop-arm64+raspi.img.xz|

SHA256SUM 82019e65bf836c10a7f4f787757e6f317ea8b9508f15ee23d25a85ef5107e9bc|

Also get the same when I use https://emn178.github.io/online-tools/sha256_checksum.html

MuddyFunster · 24 July 2020 22:43

I too am having the same problem, after downloading the 64-bit version via torrent.
and upon checking the SHA256 through GTKHASH and online, I have found that the SHA256 generated for the 64-bit version on the Downloads page does not match the SHA256 for the said 64bit version.
I also haven't tried to install this download because of the SHA256 error.
Come on guys please sort out this oversight!

Jeff_Dantzler · 25 July 2020 02:44

Hi @MuddyFunster,

@rpihawth20 had a great idea to install the ubuntu server and then use desktopify to add MATE (or whatever you like) desktop environment. I was able to make a build with 20.04 + MATE that is working. I can recommend this approach until the issue is resolved. I'm sure people are busy, etc.

20.04 server:

desktopify:

Have a great weekend!

franksmcb · 28 July 2020 02:39

Apologies for the delay.

This should all be resolved.