Chrome - apt-get update Failed to fetch http://dl.google.com/linux/chrome/deb/dists/stable/main/binary-amd64/Packages.bz2 Hash Sum mismatch [duplicate]

google-chrome apt package-management updates 64-bit

I'm getting this same exact error "hash sum mismatch" on both Ubuntu 14.04 as well as Ubuntu 16.04, and only 16.04 complains about the encryption algorithm.

The source of this problem seems to be twofold:

  1. apt deprecated sha1 recently, which explains the warnings we have been getting from the google repo since the latest LTS was released.
  2. Google was going to provide a fix for the "weak digest algorithm" warnings at some point: (https://bugs.chromium.org/p/chromium/issues/detail?id=596074)

The following is speculative, but seems to fit the symptoms we're seeing:

Google may have rolled out new hashes that no longer match the GPG pub key signatures that everyone is using, presumably these are no longer sha1sums. This might mean they've created hashes for new keys, but have yet to publish new GPG pubkey sigs to go with them for the repo, hence the hash mismatch.

If this turns out to be true, besides being incredibly annoying, there's not much we can do until Google gets their act together.

I suspect this is just a matter of time, and we should see a fix soon(ish),in the form of new GPG pubkey signatures we should be using. It should be easy to add the latest ones with:

wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -

Assuming of course that the link to the new keys doesn't change; I'm going to be keeping an eye out for changes there.

If you're frustrated with the messages, you can disable them by commenting out the sources in /etc/apt/sources.list.d/google-chrome.list.

software-properties-gtk will allow you to remove any of Google's existing signatures in the authentication tab, before adding the new ones.

And if you've deleted the repo files (like I did several times today) you can setup the repos properly by installing the .deb again, just make sure you set the repo_add_once variable to "true" in /etc/defaults/google-chrome. The file should look like this:

repo_add_once="true"
repo_reenable_on_distupgrade="true"

This of course is NOT a fix for anything at the moment, but will configure everything properly again. Also, last little caveat - the script that installs the repos usually has a copy of the GPG signature in it, so you might want to update the apt-key again before you do an apt-get update.

Here's hoping this problem goes away soon.

Related

How to install module.ko module without kernel signature or kernel rebuild in Ubuntu 16.04?
How can I iterate more quickly when creating a snap?
Is it really that bad to catch a general exception?
Installing Windows 10 after Ubuntu on a second drive
Determine when laptop was last plugged in to power
Problems installing Julia language
Most efficient way to append arrays in C#?
Xrdp - How do I connect remotely to an existing local session?
Are there differences between CLI and TUI?
Chromium/Chrome out of memory crash / Aw Snap? [closed]
How to set user environment variables in Windows Server 2008 R2 as a normal user?
Simple way of enabling SSLv2 and SSLv3 in OpenSSL?