Wrong ISO checksums on download page?

Hello,
Today I downloaded Rocky-8.4-x86_64-minimal.iso TWICE and checked its checksum. https://download.rockylinux.org/pub/rocky/8/isos/x86_64/CHECKSUM says that it should be 0de5f12eba93e00fefc06cdb0aa4389a0972a4212977362ea18bde46a1a1aa4f - but the computed sha256sum is 1d182ca0da3e2ae4dcb20eed9e31af94a875debc981dfa23330a1fc6863a862c.

What’s going on?

I have the same issue.

Checksum for minimal ISO: 1d182ca0da3e2ae4dcb20eed9e31af94a875debc981dfa23330a1fc6863a862c
Checksum for boot ISO: 112b261f21060b21ff95261a7bad24541550c1a81b81e6b66cf30de0df5674d5

The pre-installation media check fails on both ISO files.

Hello, I’m running a mirror and I’ve just double-checked what I’m seeing on the mirror’s server disk by testing the checksums for the aarch64 and x86_64 ISOs:

mirror@mirror:x86_64$ sha256sum -c CHECKSUM
Rocky-8.4-x86_64-boot.iso: OK
Rocky-8.4-x86_64-boot.iso.manifest: OK
Rocky-8.4-x86_64-dvd1.iso: OK
Rocky-8.4-x86_64-dvd1.iso.manifest: OK
Rocky-8.4-x86_64-minimal.iso: OK
Rocky-8.4-x86_64-minimal.iso.manifest: OK
mirror@mirror:aarch64$ sha256sum -c CHECKSUM
Rocky-8.4-aarch64-boot.iso: OK
Rocky-8.4-aarch64-boot.iso.manifest: OK
Rocky-8.4-aarch64-dvd1.iso: OK
Rocky-8.4-aarch64-dvd1.iso.manifest: OK
Rocky-8.4-aarch64-minimal.iso: OK
Rocky-8.4-aarch64-minimal.iso.manifest: OK

I’m not seeing any issues with broken ISOs coming downstream. I’m really curious what happens here and if this is just related to a few mirrors.

I’ve also verified the CHECKSUM signature with:

aarch64$ gpg2 --verify CHECKSUM.sig CHECKSUM
gpg: Signature made Mon 21 Jun 2021 12:47:55 AM CEST
gpg:                using EDDSA key BFC3D8F20D15F4FD46281D7FAA650F52D6C094FA
gpg:                issuer "infrastructure@rockylinux.org"
gpg: Good signature from "Core Infrastructure <infrastructure@rockylinux.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: BFC3 D8F2 0D15 F4FD 4628  1D7F AA65 0F52 D6C0 94FA
x86_64$ gpg2 --verify CHECKSUM.sig CHECKSUM
gpg: Signature made Mon 21 Jun 2021 12:48:06 AM CEST
gpg:                using EDDSA key BFC3D8F20D15F4FD46281D7FAA650F52D6C094FA
gpg:                issuer "infrastructure@rockylinux.org"
gpg: Good signature from "Core Infrastructure <infrastructure@rockylinux.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: BFC3 D8F2 0D15 F4FD 4628  1D7F AA65 0F52 D6C0 94FA

I haven’t seen any issues with the imported Rocky Linux public key.

I just tried your mirror and am getting the correct hash (matches with the CHECKSUM file).
My report was regarding the download button on the website [https://download.rockylinux.org/pub/rocky/8/isos/x86_64/Rocky-8.4-x86_64-minimal.iso]. That one is still giving me the different hash (1d182…; see above).

I went ahead and downloaded all of the ISOs and CHECKSUM files from the links published on the download page of the main Rocky website, just to be sure the links and any cache between my system and the website were good.

Here is what I found…

x86_64

➜  Downloads mv CHECKSUM CHECKSUM.x86_64
➜  Downloads cat CHECKSUM.x86_64
# Rocky-8.4-x86_64-boot.iso: 754974720 bytes
SHA256 (Rocky-8.4-x86_64-boot.iso) = 53a62a72881b931bdad6b13bcece7c3a2d4ca9c4a2f1e1a8029d081dd25ea61f
# Rocky-8.4-x86_64-boot.iso.manifest: 635 bytes
SHA256 (Rocky-8.4-x86_64-boot.iso.manifest) = 5357837d44628b282a3164ca3c4581aaca7c068fb3c83c25f85594a554c67810
# Rocky-8.4-x86_64-dvd1.iso: 9907994624 bytes
SHA256 (Rocky-8.4-x86_64-dvd1.iso) = ffe2fae67da6702d859cfb0b321561a5d616ce87a963d8a25b018c9c3d52d9a4
# Rocky-8.4-x86_64-dvd1.iso.manifest: 490423 bytes
SHA256 (Rocky-8.4-x86_64-dvd1.iso.manifest) = ed07be33e4c988254ec34b991c624de4216f0e73682baa9f2e83bfdb540f0366
# Rocky-8.4-x86_64-minimal.iso: 1980760064 bytes
SHA256 (Rocky-8.4-x86_64-minimal.iso) = 0de5f12eba93e00fefc06cdb0aa4389a0972a4212977362ea18bde46a1a1aa4f
# Rocky-8.4-x86_64-minimal.iso.manifest: 95990 bytes
SHA256 (Rocky-8.4-x86_64-minimal.iso.manifest) = 91e0aa3d779aa74fe7fd1dacdb861af89d666011a08a27a1315ffe647cd0c117

➜  Downloads shasum -a 256 --ignore-missing -c CHECKSUM.x86_64
Rocky-8.4-x86_64-boot.iso: OK
Rocky-8.4-x86_64-dvd1.iso: OK
Rocky-8.4-x86_64-minimal.iso: OK

aarch64

➜  Downloads mv CHECKSUM CHECKSUM.aarch64
➜  Downloads cat CHECKSUM.aarch64
# Rocky-8.4-x86_64-boot.iso: 754974720 bytes
SHA256 (Rocky-8.4-x86_64-boot.iso) = 53a62a72881b931bdad6b13bcece7c3a2d4ca9c4a2f1e1a8029d081dd25ea61f
# Rocky-8.4-x86_64-boot.iso.manifest: 635 bytes
SHA256 (Rocky-8.4-x86_64-boot.iso.manifest) = 5357837d44628b282a3164ca3c4581aaca7c068fb3c83c25f85594a554c67810
# Rocky-8.4-x86_64-dvd1.iso: 9907994624 bytes
SHA256 (Rocky-8.4-x86_64-dvd1.iso) = ffe2fae67da6702d859cfb0b321561a5d616ce87a963d8a25b018c9c3d52d9a4
# Rocky-8.4-x86_64-dvd1.iso.manifest: 490423 bytes
SHA256 (Rocky-8.4-x86_64-dvd1.iso.manifest) = ed07be33e4c988254ec34b991c624de4216f0e73682baa9f2e83bfdb540f0366
# Rocky-8.4-x86_64-minimal.iso: 1980760064 bytes
SHA256 (Rocky-8.4-x86_64-minimal.iso) = 0de5f12eba93e00fefc06cdb0aa4389a0972a4212977362ea18bde46a1a1aa4f
# Rocky-8.4-x86_64-minimal.iso.manifest: 95990 bytes
SHA256 (Rocky-8.4-x86_64-minimal.iso.manifest) = 91e0aa3d779aa74fe7fd1dacdb861af89d666011a08a27a1315ffe647cd0c117

➜  Downloads shasum -a 256 --ignore-missing -c CHECKSUM.aarch64
Rocky-8.4-aarch64-boot.iso: OK
Rocky-8.4-aarch64-dvd1.iso: OK
Rocky-8.4-aarch64-minimal.iso: OK

So… everything looks good from my end. If your CHECKSUM files don’t match these and/or you cannot verify checksums on ISOs and your ISOs test out correctly as valid ISOs, please let us know.
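
The CHECKSUM files shown above carry both a byte count (`# name: N bytes`) and a `SHA256 (name) = digest` line per image, so a failed check can be split into "wrong size" (truncated or interrupted transfer) and "right size, wrong content". The following is an added example, not code from this thread or from the Rocky Linux project; the function names and the sample file are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

SIZE_RE = re.compile(r"^# (?P<name>.+): (?P<size>\d+) bytes$")
HASH_RE = re.compile(r"^SHA256 \((?P<name>.+)\) = (?P<digest>[0-9a-f]{64})$")

def parse_checksum(text):
    """Parse a BSD-style CHECKSUM file into {name: {"size": int, "sha256": hex}}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        m = SIZE_RE.match(line)
        if m:
            entries.setdefault(m["name"], {})["size"] = int(m["size"])
            continue
        m = HASH_RE.match(line)
        if m:
            entries.setdefault(m["name"], {})["sha256"] = m["digest"]
    return entries

def verify(path, entries):
    """Return 'ok', 'not-listed', 'size-mismatch' or 'hash-mismatch' for one download."""
    entry = entries.get(os.path.basename(path))
    if not entry or "sha256" not in entry:
        return "not-listed"
    size = entry.get("size")
    if size is not None and os.path.getsize(path) != size:
        return "size-mismatch"  # incomplete or padded transfer; hashing is pointless
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return "ok" if h.hexdigest() == entry["sha256"] else "hash-mismatch"

def demo():
    """Run verify() over constructed variants of a small stand-in 'ISO'."""
    payload = b"constructed sample image\n" * 4
    entries = parse_checksum(
        f"# sample.iso: {len(payload)} bytes\n"
        f"SHA256 (sample.iso) = {hashlib.sha256(payload).hexdigest()}\n")
    variants = {"intact": payload, "truncated": payload[:-10],
                "bitflip": b"X" + payload[1:]}
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.iso")
        for label, content in variants.items():
            with open(path, "wb") as f:
                f.write(content)
            results[label] = verify(path, entries)
        results["unlisted"] = verify(os.path.join(d, "other.iso"), entries)
    return results

if __name__ == "__main__":
    print(demo())
```

This only compares a download against the CHECKSUM file; the file itself still has to be authenticated separately, as with the `gpg2 --verify CHECKSUM.sig CHECKSUM` step shown earlier in the thread.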

I redownloaded the minimal ISO today and now the checksum matches. I guess it fixed itself. 🙂

Downloading the DVD ISO image from the main website still gives me a wrong checksum. I have tried a couple of times today, and both times I got different checksums for the file. Downloading from @indigo’s mirror also gives me a wrong checksum. Today is the first time I’ve encountered the issue, though.

Thanks, @arehandoro, for the feedback. I’ve just tried to verify the problem and did the following from one of my servers hosted on IONOS in Germany. I’ve just run a recursive download for all ISO images for the x86_64 architecture with wget --recursive --no-parent https://mirror.informatik.hs-fulda.de/rocky/8/isos/x86_64/ and ran sha256sum -c CHECKSUM without any issues.

https://asciinema.org/a/433162

Yesterday, Aug 31, I downloaded Rocky-8.4-x86_64-minimal.iso and the checksum was correct (as in the original post), e.g.
0de5f ... aa4f