Issues with 2.0.1 ISO md5/sha256 sum

  • Hello pfSense admins,
      I just tried to download the newest stable version of pfSense-2.0.1-RELEASE-i386.iso.gz from  I checked the md5sum and sha256sum.  Both failed.  I tried downloading it again figuring it was just a bad download.  When I tested the check sums again, they failed again.  I suspect someone should look into this to see if this is just a bad upload with the mirror replication.  I hope it isn't anything more sinister.

  • Ok.. this is getting a bit scary.  I got a good download from  i compared the two ISO files:  I found it odd that the 'bad' one is almost 13MB larger (on disk).  Usually bad uploads are smaller than the good one.  The .bad file is from NYI and the properly named one is from phoenixkv.

    -rw-rw-r– 1 btyger btyger  102638465 Dec 11 17:37 pfSense-2.0.1-RELEASE-i386.iso.gz
    -rw-rw-r-- 1 btyger btyger  115838976 Dec 11 17:30 pfSense-2.0.1-RELEASE-i386.iso.gz.bad

  • Sounds like your browser extracted the gzip on the fly. The actual file on the server is correct.

  • It seems to be webserver server configuration difference.  As I mentioned before, when I download it from everything seem to be ok.  Once I manually ungzipped the file from, the both the NYI and Pheonixkv files were the same were the same in size and checksum.  I suspect the NYI server is setting that the gzip compression method is allowed in the HTTP header.  Chrome then decompressed the file instream.  This left the file in an already decompressed state even thought the download filename said it was still a .gz file.

    I don't know how easy this can be fixed, but it can really confuse or scare pfSense installers.

  • yeah Chrome isn't playing nicely with thttpd for some reason. I don't see any config options related to that in thttpd. Anyone know how to fix that? We use it because that server serves the bogon updates and it scales awesomely well for huge scale file downloads where Apache was a real headache. I'll look at it more at some point when time permits.

Log in to reply