[Bug 1817282] Re: Cannot SHA256SUMS from http://releases.ubuntu.com/bionic/

Seth Arnold 1817282 at bugs.launchpad.net
Fri Feb 22 11:13:36 UTC 2019 

Hello,

You don't have to use Firefox to download these files. For example:

$ wget http://releases.ubuntu.com/bionic/SHA256SUMS
--2019-02-22 03:06:47--  http://releases.ubuntu.com/bionic/SHA256SUMS
Resolving releases.ubuntu.com (releases.ubuntu.com)... 91.189.88.160, 2001:67c:1560:8001::7
Connecting to releases.ubuntu.com (releases.ubuntu.com)|91.189.88.160|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 202
Saving to: ‘SHA256SUMS’

SHA256SUMS
100%[==============================================>]     202  --.-KB/s
in 0s

2019-02-22 03:06:47 (712 KB/s) - ‘SHA256SUMS’ saved [202/202]

$ wget http://releases.ubuntu.com/bionic/SHA256SUMS.gpg
--2019-02-22 03:06:49--  http://releases.ubuntu.com/bionic/SHA256SUMS.gpg
Resolving releases.ubuntu.com (releases.ubuntu.com)... 91.189.88.160, 2001:67c:1560:8001::7
Connecting to releases.ubuntu.com (releases.ubuntu.com)|91.189.88.160|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 916
Saving to: ‘SHA256SUMS.gpg’

SHA256SUMS.gpg
100%[==============================================>]     916  --.-KB/s
in 0s

2019-02-22 03:06:49 (2.07 MB/s) - ‘SHA256SUMS.gpg’ saved [916/916]

$ gpg --verify SHA256SUMS.gpg SHA256SUMS
gpg: Signature made Thu 14 Feb 2019 02:53:33 PM PST
gpg:                using DSA key 46181433FBB75451
gpg: Good signature from "Ubuntu CD Image Automatic Signing Key <cdimage at ubuntu.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: C598 6B4F 1257 FFA8 6632  CBA7 4618 1433 FBB7 5451
gpg: Signature made Thu 14 Feb 2019 02:53:33 PM PST
gpg:                using RSA key D94AA3F0EFE21092
gpg: Good signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage at ubuntu.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092


If you haven't yet imported our signing key you can run:

gpg --recv-key "8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092"


You can verify the key fingerprint on:
https://tutorials.ubuntu.com/tutorial/tutorial-how-to-verify-ubuntu#3
or
https://wiki.ubuntu.com/SecurityTeam/FAQ#GPG_Keys_used_by_Ubuntu

Thanks

** Information type changed from Private Security to Public Security

** Changed in: ubiquity (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1817282

Title:
  Cannot SHA256SUMS from http://releases.ubuntu.com/bionic/

Status in ubiquity package in Ubuntu:
  Invalid

Bug description:
  Installation instructions for 18.04.1 LTS recommends "Fetching"
  SHA256SUMS in determining if a download or a burn to DVD is un-flawed.

  Presently http://releases.ubuntu.com/bionic/
  does not allow downloading but only opening SHA256SUMS.
  Other posts recommmend against trying to reproduce the file by copying and pasting as this can create more problems with verifing the download and burn.

  Went to
  https://tutorials.ubuntu.com/tutorial/tutorial-how-to-verify-ubuntu#3
  to check the ISO check-sum to see if:
  * the download was corrupted
  or 
  * I had burned it to a faulty DVD.

  However I could find no workable answer to the following question.

  how to download SHA256SUMS from http://releases.ubuntu.com/bionic/?

  Seems the most simple question, however all I get at Ask.Ubuntu, stack
  exchange and Gethub is theory others problems and complications. The
  FTP protocol description is overwhelmingly complex.

   http://releases.ubuntu.com/bionic/ does not offer a copy or download option for the files.
  Other click on the file and all I get in Firefox is link choices. I have been warned in one of those sources that copying and pasting contents into a file I create will fowl up the process.

  Not being able to successfully download the SHA256SUMS means I only
  receive the following when attempting to confirm validity of the ISO

  gpg: can't open `SHA256SUMS.gpg'
  gpg: verify signatures failed: file open error

  All I can do is possibly waste another DVD downloading a valid? ISO
  with a bug in it, in doing a new download, but that is the only course
  I see for now with the gpg check-sums kerfuffle at:

  https://github.com/canonical-websites/tutorials.ubuntu.com/issues/new
  and
  https://github.com/canonical-websites/tutorials.ubuntu.com/issues/790

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1817282/+subscriptions

More information about the foundations-bugs mailing list