Corrupt image Radxa RockPi4

Creating a bug report/issue

I have searched the existing open and closed issues

Steps to reproduce

Download image from https://dietpi.com/downloads/images/DietPi_ROCKPi4-ARMv8-Bookworm.img.xz and checksum and signature

Expected behaviour

I tried with DietPi_ROCK4CPlus-ARMv8-Bookworm.img.xz and other images, where checksum and signature are good.

$ cat DietPi_ROCK4CPlus-ARMv8-Bookworm.img.xz.sha256
fc1852f6c4f949c1d286831e5bd4d7fd2fdaaab78854fdfc571d261aa2a5bef8  /home/runner/work/DietPi/DietPi/DietPi_ROCK4CPlus-ARMv8-Bookworm.img.xz
$ sha256sum DietPi_ROCK4CPlus-ARMv8-Bookworm.img.xz
fc1852f6c4f949c1d286831e5bd4d7fd2fdaaab78854fdfc571d261aa2a5bef8  DietPi_ROCK4CPlus-ARMv8-Bookworm.img.xz
$ LANG=C gpg --verify DietPi_ROCK4CPlus-ARMv8-Bookworm.img.xz.asc DietPi_ROCK4CPlus-ARMv8-Bookworm.img.xz
gpg: Signature made Di 24 Dez 2024 02:36:34 CET
gpg:                using RSA key C2C4D1DEF7C96C6EDF3937B2536B2A4A2E72D870
gpg: Good signature from "MichaIng <micha@dietpi.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9741 05F4 9430 4547 F1A9  E5E0 0442 B9AD E656 43FE
     Subkey fingerprint: C2C4 D1DE F7C9 6C6E DF39  37B2 536B 2A4A 2E72 D870

Actual behaviour

$ cat DietPi_ROCKPi4-ARMv8-Bookworm.img.xz.sha256
3b466778b0555a98419232c5ad0034d08de8d1108e8f5ca0fe2a9f2ad13fd0eb  /home/runner/work/DietPi/DietPi/DietPi_ROCKPi4-ARMv8-Bookworm.img.xz.sha256 
$ sha256sum DietPi_ROCKPi4-ARMv8-Bookworm.img.xz 
02991e17d583b3c412c12281683dd231c370c442eca4eef4ed591ca534537c57  DietPi_ROCKPi4-ARMv8-Bookworm.img.xz
$ LANG=C gpg --verify DietPi_ROCKPi4-ARMv8-Bookworm.img.xz.asc DietPi_ROCKPi4-ARMv8-Bookworm.img.xz
gpg: Signature made Di 24 Dez 2024 01:54:34 CET
gpg:                using RSA key C2C4D1DEF7C96C6EDF3937B2536B2A4A2E72D870
gpg: BAD signature from "MichaIng <micha@dietpi.com>" [unknown]

Extra details

Is someone able to download this file with no corruption?

Nope, don’t think so, as your system seems to be booting fine.

I’m not sure what went wrong. But I think we now have several images that show similar behavior. We use GitHub Actions to generate the images. There may have been an error here. We will probably (have to) recreate them all.

I have started the creation of a new image for the RockPi4. DietPi-Build · MichaIng/DietPi@ce1d589 · GitHub
If everything works, it should be under https://dietpi.com/downloads/images/testing/ in the end.

Testing image seems to be fine now.

root@DietPi5:/tmp# ls -la | grep Diet
-rw-r--r--  1 root   root   211287104 Jan  7 21:23 DietPi_ROCKPi4-ARMv8-Bookworm.img.xz
-rw-r--r--  1 root   root         833 Jan  7 21:23 DietPi_ROCKPi4-ARMv8-Bookworm.img.xz.asc
-rw-r--r--  1 root   root         135 Jan  7 21:23 DietPi_ROCKPi4-ARMv8-Bookworm.img.xz.sha256
root@DietPi5:/tmp# cat DietPi_ROCKPi4-ARMv8-Bookworm.img.xz.sha256
88278ccc437808373c303b4953520ef97556508c381571f229770062dea5ac89  /home/runner/work/DietPi/DietPi/DietPi_ROCKPi4-ARMv8-Bookworm.img.xz
root@DietPi5:/tmp# sha256sum DietPi_ROCKPi4-ARMv8-Bookworm.img.xz
88278ccc437808373c303b4953520ef97556508c381571f229770062dea5ac89  DietPi_ROCKPi4-ARMv8-Bookworm.img.xz
root@DietPi5:/tmp# LANG=C gpg --verify DietPi_ROCKPi4-ARMv8-Bookworm.img.xz.asc DietPi_ROCKPi4-ARMv8-Bookworm.img.xz
gpg: Signature made Tue Jan  7 21:05:33 2025 CET
gpg:                using RSA key C2C4D1DEF7C96C6EDF3937B2536B2A4A2E72D870
gpg: Good signature from "MichaIng <micha@dietpi.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9741 05F4 9430 4547 F1A9  E5E0 0442 B9AD E656 43FE
     Subkey fingerprint: C2C4 D1DE F7C9 6C6E DF39  37B2 536B 2A4A 2E72 D870
root@DietPi5:/tmp#

Thanks a lot! After refreshing my browser cache I could download the files and check them. They come out as good. Tomorrow I will test booting. Thank you for the quick solution!

Can you check the date of the old image? I.e. is it from December 24th as well (like the signature)? Can be checked via timestamps within the archive.

… no it isn’t:

So either I forgot to clear all images from Cloudflare cache (I just checked, and I did not but indeed triggered clearing all images from cache via Cloudflare API), or it failed to be cleared via API, like it did at times for the APT repository. I just removed them all again from the cache. Checking the ROCKPi4 image … yet now the image really is the intended one, matching the signature.

So no issue with signing, just some old cache entries. How is one supposed to use the Cloudflare cache, when clearing its content is not working reliably … :thinking:.

Probably a designed feature to force people to use the pro plan :wink:
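The two checks run by hand in this thread, as an added shell example (not part of the thread and not DietPi project code). The function names `verify_sidecar` and `verify_signature` are hypothetical, and the pinned fingerprint is assumed to have been obtained out of band.

```shell
# Added example. Usage:
#   verify_sidecar IMAGE [SIDECAR]              -> 0 match, 1 mismatch, 2 unusable input
#   verify_signature IMAGE PRIMARY_FPR [SIG]    -> 0 only for a valid signature by that key
verify_sidecar() {
    image=$1
    sidecar=${2:-$image.sha256}
    [ -f "$image" ] && [ -f "$sidecar" ] || { echo "missing $image or $sidecar" >&2; return 2; }

    # The sidecar records the build runner's absolute path, so `sha256sum -c`
    # would look for a file that does not exist locally. Split the line ourselves.
    want= recorded=
    read -r want recorded < "$sidecar" || :
    want=$(printf %s "$want" | tr 'A-F' 'a-f')
    case $want in *[!0-9a-f]*) want= ;; esac
    [ "${#want}" -eq 64 ] || { echo "no SHA-256 digest in $sidecar" >&2; return 2; }

    # A recorded name that differs from the image hints at a mismatched pair.
    recorded=${recorded#\*}
    [ "${recorded##*/}" = "${image##*/}" ] ||
        echo "warning: sidecar was generated for ${recorded##*/}" >&2

    got=$(sha256sum "$image" | cut -d' ' -f1)
    [ "$got" = "$want" ] && return 0
    echo "digest mismatch: expected $want, got $got" >&2
    return 1
}

verify_signature() {
    image=$1
    pinned=$(printf %s "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    sig=${3:-$image.asc}
    # "Good signature" from an [unknown] key only shows that some key signed the
    # file. GnuPG emits VALIDSIG only for a valid signature, and the last field
    # of that status line is the primary key fingerprint, which we compare to the pin.
    fpr=$(gpg --status-fd 1 --verify "$sig" "$image" 2>/dev/null |
          awk '$2 == "VALIDSIG" { print $NF }')
    [ -n "$fpr" ] && [ "$fpr" = "$pinned" ]
}
```

A mismatch from either function does not say which side is stale; as in this thread, re-downloading the image and both sidecar files with caches bypassed is the first thing to try.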