Hash mismatch on "apt update"

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please execute the following command only once, as it will automatically gather debugging information, in a terminal:

apport-collect 1890006

When reporting bugs in the future please use apport by using 'ubuntu-bug' and the name of the package affected. You can learn more about this functionality at https://wiki.ubuntu.com/ReportingBugs.

Don't see any reason for any apport collecting here.

This needs a clean reproducer or someone with the issue to do the work to analyse what's wrong.

Looking at the bug report, the output from the reproducer matches that of the commandline tools?

apport information

apport information

Here is apport stuff, and there are more news.

I confirmed that the problem was in the gcrypt. More precisely, disabling SSSE3 fixes this issue (echo intel-ssse3 > /etc/gcrypt/hwf.deny).

The Virtualbox (running on Windows 10) was using software virtualization ("execution engine: native API") instead of VT-x - this might be the root cause (i.e. bug is in Virtualbox), but I'm helping a friend and don't have direct access to that PC, so can't test what's blocking VT-x. Hyper-V and WSL are disabled in Windows features, the person hasn't checked whether VT-x is enabled in BIOS yet.

VT-x status in BIOS is a red herring. Turns out modern Virtualbox won't even start VM's without VT-x.

A true cause turned out to be "Windows Sandbox" feature (although I imagine for some other users the problem might be triggered by "Windows Subsystem for Linux" or anti-virus software).

Here is how to reproduce it in Windows 10:

  1. Enable "Windows Sandbox" (Control panel -> Programs and Features -> Turn Windows features on or off)
  2. After restart run Ubuntu live ISO in virtualbox and notice that
    a) VM slows to a crawl, some apps (firefox) start crashing randomly, etc
    b) Virtualbox shows "green turtle" icon (third from the right on the lower panel) which lists Execution engine as "native API" instead of "VT-x"
    c) Running "apt update" produces error mentioning "hash mismatch"
    d) Running workaround (mkdir -p /etc/gcrypt; echo intel-ssse3 > /etc/gcrypt/hwf.deny) fixes the apt error
  3. Disable "Windows Sandbox" feature
  4. After Windows restart run Ubuntu in Virtualbox and be surprised by green turtle still being there, all mentioned problems still present
  5. Restart Windows second time, run Ubuntu in Virtualbox again, this time there is a blue chip instead of green turtle and apt works without workarounds

Clearly it seems that gcrypt isnt at fault here and the true culprits are Windows Sandbox (possibly some other mechanism that Windows Sandbox enables) and/or Virtualbox. However the result is that new users are getting wrong impression about GNU/Linux and Ubuntu in particular (it appears slow and lags during "live" phase, fails to update after install).

So I'd say Ubuntu should detect that it's being run in this broken virtualization mode, show the informative explanation to user (that their current experience isn't representative && how they can fix that) or at least enable the workaround for gcrypt (although if SSSE3 is buggy in this mode, I imagine more things are stealthily broken).

Surprisingly Ubuntu still finishes installation, even with default "update from internet" option enabled. After installation, "apt update" still produces the same "hash mismatch" errors though. Enabling workaround and rerunning "apt update" predictably finds many more (292 right now) packages that are to be upgraded. This fail-open behavior (installer and updater ignoring the errors) will no doubt lead to subtle bug down the road for the users as well (I'd argue that it's a security issue as well - users not being informed about security patches they're missing).

I've spent a day trying to figure out why my VMs were not working until I found this report.

TLDR: Windows Sandbox in itself does not break the virtualization for Virtualbox, what does is the Virtual Machine Platform (on which I guess Windows Sandbox depends on).

I'll try to gather everything I experienced so someone smarter can make use of it:

So I upgraded to WSL2 which requires Virtual Machine Platform to be enabled. Couple of days later I tried opening an existing, already configured and previously working VM with Ubuntu Server 20.04, it got stuck at trying to perform some RAID6 xor check (excuse my incompetence). Shut down the VM, restore to a stable snapshot, now it got stuck at "Loading essential drivers...". Shut down, restore snapshot, reset voltages in Throttlestop (undervolt), reboot. Now the VM starts for some reason, super slow though, and I'm getting Hash Sum mismatch on apt update/upgrade. Tried a desktop Ubuntu VM, starts super slow, same mismatch error. WSL and my Linux server works fine on the same network, so that's not the issue. Finally I found this thread, and indeed, Virtualbox was running in native API execution engine, disabled Virtual Machine Platform in Windows, reboot, voila, works!

I guess don't upgrade to WSL2 if you intend to use Virtualbox (WSL1 does not need Virtual Machine Platform).

Status changed to 'Confirmed' because the bug affects multiple users.

I am also affected by the bug,
echo all > /etc/gcrypt/hwf.deny fixed it.

The sha1 and md5 sum were equals but the sha256 sums were different.

Thanks a lot for the deep analysis you've all done. When searching for "virtual machine platform" and "virtualbox", I find threads like https://superuser.com/questions/1594527/virtualbox-vms-cannot-start-after-enabling-virtual-machine-platform-feature which indicate that an update to VirtualBox has solved issues related to this.

Does the problem still happen with newer virtualbox and/or windows versions? Thanks.

[Expired for libgcrypt20 (Ubuntu) because there has been no activity for 60 days.]