GeopJr / Collision

Check hashes for your files - A GUI tool to generate, compare and verify MD5, SHA-1, SHA-256, SHA-512, Blake3, CRC32 & Adler32 hashes.
https://collision.geopjr.dev
BSD 2-Clause "Simplified" License

Failed verification for Fedora 37, but should succeed #129

Closed CristianKerr closed 1 year ago

CristianKerr commented 1 year ago

Describe the bug When checking the Fedora Workstation ISO, the verification fails, but it should succeed. If you verify using different methods (e.g. tutorial on https://getfedora.org/en/security/ or manually checking sha256 checksum with content of the checksum file).

To Reproduce Steps to reproduce the behavior:

  1. Go to https://getfedora.org/en/workstation/download/
  2. Download "Fedora 37: x86_64 Live ISO"
  3. Go to https://getfedora.org/en/security/
  4. Download "Fedora 37 x86_64 (iso) CHECKSUM"
  5. Open iso file in collision
  6. Click Verify
  7. Open checksum file
  8. Failed

Expected behavior Verification successful

Screenshots Screenshot from 2022-11-29 15-42-05

Environment (please complete the following information):

Additional context In the terminal, using the method from the Fedora tutorial, I also get a warning: "sha256sum: WARNING: 19 lines are improperly formatted". It might be related.

GeopJr commented 1 year ago

Thanks for raising this issue!

The "Check against a file tool" (the one in the screenshot below):

[Screenshot: the Collision app in light+desktop mode, showing the "tools" view, zoomed in on the open file button.]

is meant to check the main file (the .iso in your case) against another file to see if they match (or rather their hashes).

This means that in your situation, it checks if one of the hashes of the .iso matches one of the hashes of the checksum file but NOT the hashes listed in the checksum.

(The ideal use for the "file tool" would be e.g. having 2 isos, one named "fedora1.iso" and another named "fedora2.iso" and wanting to see if they are the exact same file).

A workaround for your situation would be to open the "checksum" file with a text editor, copy the hash and paste it in the "checksum tool" (which it appears you might have already done according to your screenshot).

Reading the checksum from a "checksum" file is more fitted for a feature request which I'll open for you!

CristianKerr commented 1 year ago

@GeopJr Hi, thank you for your reply. It looks like I grossly misunderstood how the tool works. Sorry for the false alarm then 😅
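The verification the issue expected, reading the expected hash out of a checksum file instead of hashing the checksum file itself, as an added example; it is not part of this thread and not Collision's code. It assumes two common entry formats, BSD-style `SHA256 (name) = hex` and coreutils-style `hex  name`; the function names and the sample data are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

# BSD-style tagged line: "SHA256 (name.iso) = <hex>"
BSD_LINE = re.compile(r"^(?P<algo>[A-Za-z0-9-]+) \((?P<name>.+)\) = (?P<hex>[0-9a-fA-F]+)$")
# GNU coreutils line: "<hex>  name.iso" (a "*" before the name marks binary mode)
GNU_LINE = re.compile(r"^(?P<hex>[0-9a-fA-F]{32,128}) [ *](?P<name>.+)$")
HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

def parse_checksum_file(text):
    """Return {filename: (algorithm, hex digest)}; skip every line that is not a hash entry."""
    entries = {}
    for line in map(str.strip, text.splitlines()):
        m = BSD_LINE.match(line)
        if m:
            algo = m["algo"].lower().replace("-", "")
        else:
            m = GNU_LINE.match(line)
            algo = HEX_LEN_TO_ALGO.get(len(m["hex"])) if m else None
        if m and algo in hashlib.algorithms_available:
            entries[m["name"]] = (algo, m["hex"].lower())
    return entries

def verify_file(path, checksum_text):
    """True/False if the file is listed; None if the checksum file has no entry for it."""
    entry = parse_checksum_file(checksum_text).get(os.path.basename(path))
    if entry is None:
        return None
    algo, expected = entry
    digest = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return hmac.compare_digest(digest.hexdigest(), expected)

def demo():
    """Constructed sample: a small file plus a signed-style checksum file that lists it."""
    data = b"constructed sample data\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.iso")
        with open(path, "wb") as fh:
            fh.write(data)
        text = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
                f"SHA256 (sample.iso) = {hashlib.sha256(data).hexdigest()}\n"
                "-----BEGIN PGP SIGNATURE-----\n(constructed)\n-----END PGP SIGNATURE-----\n")
        return verify_file(path, text)
```

This only matches hashes: if the checksum file is signed, its signature has to be verified separately before the hashes in it are trusted.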