Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Users Search
Help Dashboard Sign In Sign Up
Q&A Code Reviews Meta
Q&A
Posts Tags Edits
Ask Question

Welcome to Software Development on Codidact!

Will you help us build our independent community of developers helping developers? We're small and trying to grow. We welcome questions about all aspects of software development, from design to code to QA and more. Got questions? Got answers? Got code you'd like someone to review? Please join us.

Post History

75%
+4 −0
Q&A Hash sum mismatch (only for openjdk-11-jdk)

"Hash Sum mismatch" printed by apt-get on Debian and derivatives means that the file as downloaded had a different cryptographic checksum (hash) than what's listed in the packages list. In this ca...

posted 2y ago by Canina‭

Answer
#1: Initial revision by user avatar Canina‭ · 2021-09-26T19:44:42Z (over 2 years ago) 
"Hash Sum mismatch" printed by `apt-get` on Debian and derivatives means that the file as downloaded had a different cryptographic checksum (hash) than what's listed in the packages list.

In this case, the package list is the one at http://us.archive.ubuntu.com/ubuntu/dists/focal-updates/main/binary-amd64 which lists the expected SHA256 hash as 9d469246b988425afdfef1011f72cfc6ece473e4dd35193005a81c7b73d865b6, consistent with what you show but not with the file that apparently ends up being downloaded.

There are four main reasons that I can think of why you might see such an error:

 * The package archive is in the process of being updated; this seems unlikely, and if that's the case, the situation should be resolved soon and after at most an `apt-get update`
 * There is an error in the packaging process (basically, the distribution vendor screwed up somewhere); if so, if the situation isn't resolved soon, you should file a bug report with them against the affected package
 * Your system is somehow misconfigured, and you need to figure out why it's downloading mismatched package manifests and package files; however, if that were the case, I would expect you to be having similar difficulties with most or all packages, not just a single one
 * There is an active attack going on somewhere, causing you to receive different packages lists and actual package files; in this case, the tools are doing their job by preventing you from installing packages with unexpected, unknown and potentially dangerous contents

You can try to spin up a VM with the same release of Ubuntu and no customizations and try to install the affected package there; if *that* works, it's likely something local to your system, and you need to figure out in what way it's misconfigured and how to fix that (which is decidedly not a software development problem, but might very well be a [Linux](https://linux.codidact.com/) question).

If that doesn't work either, and the situation doesn't get resolved in a day or two at most and with no more action on your part than an `apt-get update`, especially if you haven't made changes to your package manager configuration around the time when this started, then you are likely justified in filing a bug report against the affected package and distribution version with your distribution vendor.