42

From the Debian command line, I'm getting a hash sum mismatch after executing aptitude update; aptitude upgrade. Below is the command line output. I've tried an aptitude clean, but this does not seem to help. I've also done a few google searches, but nothing seems to help. I've been getting the mismatch error for a few days.

Any help is appreciated.

Resolving dependencies...
open: 405; closed: 880; defer: 58; conflict: 78.
The following packages will be upgraded:
  apache2.2-bin apt-utils aptdaemon aptdaemon-data avahi-daemon bind9-host dnsutils ekiga gir1.2-cogl-1.0 gir1.2-coglpango-1.0 gstreamer0.10-alsa gstreamer0.10-ffmpeg
  gstreamer0.10-plugins-base gstreamer0.10-x host libapt-inst1.5 libavahi-client3 libavahi-common-data libavahi-common3 libavahi-core7 libavahi-glib1 libavahi-gobject0
  libavahi-ui-gtk3-0 libavahi-ui0 libavutil51 libbind9-80 libcapi20-3 libcogl-common libcogl9 libdbus-glib-1-2 libdns88 libgconf2.0-cil libgssapi-krb5-2 libgssrpc4
  libgstreamer-plugins-base0.10-0 libisc84 libisccc80 libisccfg82 libk5crypto3 libkrb5-3 libkrb5support0 liblwres80 libmp3lame0 libmtp-common libmtp-runtime libmtp9
  libpostproc52 libruby1.8 libswscale2 libsystemd-login0 libtag1-vanilla libtag1c2a libxml2 libxml2-utils linux-headers-3.2.0-4-686-pae linux-headers-3.2.0-4-common
  linux-image-3.2.0-4-686-pae linux-libc-dev linux-source-3.2 python-aptdaemon python-aptdaemon-gtk python-aptdaemon.gtk3widgets python-aptdaemon.gtkwidgets
  python-libxml2 python-numpy ruby1.8 telepathy-gabble unattended-upgrades xserver-xorg-video-ati xserver-xorg-video-radeon
The following packages are RECOMMENDED but will NOT be installed:
  krb5-locales
70 packages upgraded, 0 newly installed, 0 to remove and 168 not upgraded.
Need to get 4322 kB/136 MB of archives. After unpacking 7982 kB will be used.
Do you want to continue? [Y/n/?]
Get: 1 http://www.deb-multimedia.org/ testing/main libavutil51 i386 8:1.0.5-dmo1 [111 kB]
Get: 2 http://www.deb-multimedia.org/ testing/main libmp3lame0 i386 1:3.99.5-dmo2 [338 kB]
Get: 3 http://www.deb-multimedia.org/ testing/main libpostproc52 i386 8:1.0.5-dmo1 [79.6 kB]
Get: 4 http://www.deb-multimedia.org/ testing/main libswscale2 i386 8:1.0.5-dmo1 [126 kB]
Get: 5 http://www.deb-multimedia.org/ testing/main libtag1-vanilla i386 1.8-dmo1 [257 kB]
Get: 6 http://www.deb-multimedia.org/ testing/main libtag1c2a i386 1.8-dmo1 [9396 B]
Get: 7 http://www.deb-multimedia.org/ testing/main gstreamer0.10-ffmpeg i386 1:0.10.13-dmo1 [3402 kB]
Fetched 4322 kB in 35s (121 kB/s)                                                                                                                                                
E: Failed to fetch http://www.deb-multimedia.org/pool/main/f/ffmpeg-dmo/libavutil51_1.0.5-dmo1_i386.deb: Hash Sum mismatch
E: Unable to correct for unavailable packages
nhahtdh
  • 55,989
  • 15
  • 126
  • 162
Mark Giles
  • 449
  • 1
  • 4
  • 8

11 Answers11

72

Try using apt-get:

apt-get clean
rm -rf /var/lib/apt/lists/*
apt-get clean
apt-get update
apt-get upgrade
mkjasinski
  • 3,115
  • 2
  • 22
  • 21
  • thanks mkjasinski that seemed to work. after running apt-get upgrade i got the following message: You might want to run 'apt-get -f install' to correct these. The following packages have unmet dependencies: libavcodec53 : Depends: libavutil51 (>= 7:0.10.3) but 6:0.8.5-1 is installed libavformat53 : Depends: libavutil51 (>= 7:0.10.3) but 6:0.8.5-1 is installed E: Unmet dependencies. Try using -f. so i ran "sudo apt-get -f install libavutil5". that installed correctly. then i ran apt-get update; apt-get upgrade again and everything updated. – Mark Giles Mar 20 '13 at 14:17
  • 1
    Note that `rm -rf /var/lib/apt/lists/*` will also remove directory `/var/lib/apt/lists/partial`, so line `rm -rf /var/lib/apt/lists/partial/*` is redundant. – smbear Apr 16 '14 at 08:47
  • Just needed to remove the old lists. – he_the_great Jun 22 '14 at 00:24
33

If deleting /var/lib/apt/lists/* does not work...
(esp. if you're behind a proxy), fix "Hash Sum Mismatch" like this:

Create file /etc/apt/apt.conf.d/99fixbadproxy
with this content

Acquire::http::Pipeline-Depth 0;
Acquire::http::No-Cache true;
Acquire::BrokenProxy    true;

See also here

Mike
  • 331
  • 3
  • 2
  • @icedwater I had the hash size mismatch after my router had changed the http responses (page replacement for occasional user authentication e.g. in apartment complex or university/college). I had to launch a browser and log in so that the router wouldn't do that. Removing the lists forces a fresh download. The last apt setting reads like it says not to blindly trust the http responses so the issue does not occur again. The middle one says no cache, I removed that line as my internet is slow; hope that is fine. In short if http responses are sometimes replaced then those apt settings will help. – Andrew Smart Apr 29 '16 at 07:11
  • 2
    you sir are my hero today, I've been googling for about an hour and was clutching at straws. cntlm through our proxy worked for about a year and then suddenly stopped working. your answer fixed it. – Arno Sep 02 '16 at 10:04
  • 2
    I want to second ArnoVR - I have been tearing my hair out trying to fix this, and your solution is the only one that worked. Thanks! – Oren Ben-Kiki Oct 13 '17 at 10:48
  • You are a life saver! It is the only solution that actually worked for me! Thank you very much. I would give you +1000 points if I could! – Felipe Cruz Jun 01 '18 at 17:26
  • The only thing that worked for me. Thanks for saving my sanity @Mike! – JohnTheWalker Mar 05 '19 at 12:02
23

I had this issue using Virtualbox on Windows, with Ubuntu as my GuestOS. I was getting hash sum mismatches (among other odd errors) because Hyper-V was running on Windows. This link details how to disable Hyper-V, extract below:

Open Powershell - Run as Administrator and use the command:

bcdedit /set hypervisorlaunchtype off

Followed by a restart.

Chook
  • 231
  • 2
  • 2
  • 1
    was ripping my hairs out (and I'm bald!!) - you are a savior!! – Haim Jun 15 '20 at 17:06
  • Thanks! I've been looking all over for a solution. I'm running Ubuntu 20.04 on VirtualBox 6.1 and tried all the different variants above. But this one did the trick. It looks like it only affects 20.04, because I ended up also installing 18.04.4 and that didn't had any issues running apt-update. – Gargamel Jul 06 '20 at 21:40
  • Thank you so much! For the sake of completeness you can also alter this from "Windows Features" menu thing, just uncheck HyperV. – R. Arctor Jul 26 '20 at 21:17
  • Thank you! Disabling hyperv from "Windows Features" gui solved the problem. – Herosław Miraszewski Aug 11 '20 at 02:40
  • This did the trick for you me; thank you! – DribblzAroundU82 Oct 20 '20 at 17:30
  • Why is Hyper-V causing this behavior? I am using a WSL2 Ubuntu image, and it won't start after Hyper-V is disabled. – Étienne Dec 03 '20 at 10:31
6

I had the similar issue while installing Tizen GBS package.

Only the below solution helped me:

  1. Manually download missed *.deb packages
  2. Copy packages to the /var/cache/apt/archives
  3. Run install command again

In this case apt tool checks the local availability of the package first. If it is present under /var/cache/apt/archives path, then a download step (with hash-sum mismatch error) is skipped.

Example:

wget http://download.tizen.org/tools/latest-release/Ubuntu_16.04/amd64/librpm-tizen_4.11.0.1.tizen20140530-tizen20140723_amd64.deb

sudo cp librpm-tizen_4.11.0.1.tizen20140530-tizen20140723_amd64.deb /var/cache/apt/archives
Vadym Yaremenko
  • 61
  • 1
  • 2
2

EDIT: My ubuntu installation has crashed. I am not sure about the exact reason, but this hack is the prime suspect.

I faced a similar issue 

Get:1 http://in.archive.ubuntu.com/ubuntu artful/main amd64 openjdk-8-jre-headless amd64 8u144-b01-2 [27.3 MB]                                                                                                                                                                 
Err http://in.archive.ubuntu.com/ubuntu artful/main amd64 openjdk-8-jre-headless amd64 8u144-b01-2                                                                                                                                                                             
  Hash Sum mismatch
Hashes of expected file:
 - SHA256:46924d3fdb329b18b652bc3410f1f2c92ef1259b9a7d66bb1c5d3804b42a8c1c
 - SHA1:0097b24ef75249d381c7c3f3fb6b36593720c15e [weak]
 - MD5Sum:1ff35c4d8a2bed71dceba105801cf567 [weak]
 - Filesize:27256930 [weak]
Hashes of received file:
 - SHA256:ea6892eb6ce7cdc1674a46719302cdbf1b9d485e36bccd27247591527423bb6d
 - SHA1:8c19fbdc9f534d8d3c304374bf0c8e7b05cb620b [weak]
 - MD5Sum:1ff35c4d8a2bed71dceba105801cf567 [weak]
 - Filesize:27256930 [weak]
Last modification reported: Sat, 30 Sep 2017 20:08:32 +0000

Fortunately, the hash mismatch occurred only for one package. Since I was absolutely sure that the package that got downloaded was the intended one, I simply edited out the InRelease file.

The steps I followed: 1. grep for the expected has in /var/lib/apt/lists

sudo grep 46924d3fdb329b18b652bc3410f1f2c92ef1259b9a7d66bb1c5d3804b42a8c1c *

  1. In my case it was

    in.archive.ubuntu.com_ubuntu_dists_artful_main_binary-amd64_Packages

  2. Replaced the hash values of expected file with the hash values of received file.

  3. The upgrade went through.
teardrop
  • 420
  • 6
  • 11
1

Replace your /etc/apt/sources.list with:

deb http://http.debian.net/debian/ jessie main
deb http://http.debian.net/debian/ jessie-backports main
deb http://security.debian.org/ jessie/updates main

Then I'd also run:

sudo apt-key update -y
sudo apt-get update -y
sudo apt-get upgrade -y

That should do the trick.

@source: https://www.lowendtalk.com/discussion/62567/apt-get-hash-sum-mismatch-debian-jessie

leymannx
  • 5,138
  • 5
  • 45
  • 48
  • `jessie` was obviously current when this answer was posted, but probably needs to be adjusted for your Debian version or distro. – tripleee Oct 20 '20 at 07:22
1

For me, rm -rf /var/lib/apt/lists/* && apt-get update didn't work.
However, rm -rf /var/lib/apt/lists/* && apt update did work.

calee
  • 81
  • 2
  • 6
0

Upgrade apt with sudo apt-get install apt

TimeEmit
  • 4,516
  • 4
  • 18
  • 19
0

In my case the following solution didn't work for me:

  • /var/lib/apt/lists/*
  • Changing servers to "principal server" (or some other foreing server)

I still was having the same repository giving me the "Hash sum mismatch" error.

I solved trying this solution:

  1. go to "Software & updates"
  2. Uncheck all repositories from the "Ubuntu Software" section
  3. Select the "Autentication" section
  4. Delete all entries
  5. Make a sudo apt update (with no repositories it sould end very soon)
  6. re-open "Software & Updates" -> "Ubuntu Software" and re-check al your needed repositories
  7. try again with sudo apt update

Good luck.

Michigan
  • 129
  • 1
  • 3
0

sometime reverse proxy(apache,nginx,...) and network will make checksum issue, we can try http proxy of different region to solve the problem:

apt-get update -o Acquire::http::Proxy="$HTTP_PROXY"  -o Debug::Acquire::http=true
qxo
  • 1,584
  • 15
  • 11
0

In my case it was trying to install Nodejs from nodesource that got really problematic always ending up with: "hash sum mismatch". None of the above solutions worked.

I couldn't understand why since I was following the instructions to the letter:

# Using Debian, as root 
curl -sL nodesource-url | bash - 
apt-get install -y nodejs

Turns out that the repositories for Nodejs used https when my main debian sources.list was using http.

  • cat /etc/apt/sources.list.d/nodesource.list
deb     https://...
deb-src https://...

Changing the URLs to http and running apt-get update solved the problem.

user3540325
  • 61
  • 1
  • 5