I tried to verify the version 14 Workstation image but the SHA512 hash does not match up, and the file seems corrupt when I tested to just mount the image in VirtualBox.
Does anybody else have this problem?
I downloaded it both from web and .onion link.
To verify the hash and disregard on mismatch is a security malpractice.
Try redownload? Does gpg verification work?
I do have an issue with current hashes as well:
mine: 6218adc9975a7b5098c33b1cc4e459c3528e2245d6490fc936f35e7d6f3421fff250bcabe8bee36d495480d656b967aa02c7a1c37840b51efd31ea4cbb8fe465 Whonix-Workstation-XFCE-188.8.131.52.9.libvirt.xz
downloade twice here: https://download.whonix.org//libvirt/184.108.40.206.9/
Signatures are proofed as correct
That is what I get for Workstation. Didn’t check Gateway.
Thank you -so somebody should be contacted to update the file - do you know who that is?
Please be patient. Whonix developers will respond as soon as they can.
Thank you - don’t worry - its Sunday and year end - I am patient
These files belong to the defective images I had replaced for this build. I thought rsync will overwrite them but it seems we need to purge them from the server so the new ones can be uploaded.
I might not be able to do this soon as we are in holiday season. Sorry for the inconvenience.
Summary: the script that prepares the release is broken for some reason I’m yet to find out why. When I manually sign the image it does not produce hashes anymore, so what you got were the old hashes. They were never replaced since the manual step doesn’t regenerate checksums. I will need to find out how to do this step too and fix this.
Fixed. Thanks for reporting the issue.