Bdtyktl

This has started from Ubuntu's 14.04 LTS version.

I work on Ubuntu at my office where internet works from behind a proxy server.

Earlier, I could just give the usual update commands from the terminal and they just worked.

But 14.04 LTS onwards, it has become exceedingly difficult to carry out even such a mundane task as updating my system.

Every time I try to update the system from behind the proxy, I get errors of 'Hash sum Mismatch'.

But interestingly (and to my utter dismay) when I connect to internet directly using my mobile phone's wifi, the update works absolutely normally.

I have tried all the workarounds suggested to alleviate the Hash Sum Mismatch errors. None has worked.

I suspect something is wrong with the way our proxy is configured. If not, I would really appreciate a good hand here.
Thanks.

When running the update Debian/Ubuntu will download a list of all the meta-data about a package first, from this URL:

http://us.archive.ubuntu.com/ubuntu/dists/bionic/main/binary-amd64/Packages.gz

It will contain something like this for every package:

Package: aodh-common

Architecture: all

Version: 6.0.0-0ubuntu1

Priority: optional

Section: web

Source: aodh

Origin: Ubuntu

Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>

Original-Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>

Bugs: https://bugs.launchpad.net/ubuntu/+filebug

Installed-Size: 97

Depends: adduser, dpkg-dev, python-aodh (= 6.0.0-0ubuntu1), python:any

Filename: pool/main/a/aodh/aodh-common_6.0.0-0ubuntu1_all.deb

Size: 17760

MD5sum: 8f0c651bcc7369034fea6c28653f51b9

SHA1: 7fc8dd248a5139f0f7dd3be5a49614c1b9af7186

SHA256: 98cbde3960701b083bc6744cb57fa2b3946d4d5f6c71512e2265f762d4650a3e

Homepage: https://github.com/openstack/aodh

Description: OpenStack Telemetry (Ceilometer) Alarming - common files

Description-md5: 4d4a9638c22eafe95e8cdbfdae651022

For this package it will then download this URL:

http://us.archive.ubuntu.com/ubuntu/pool/main/a/aodh/aodh-common_6.0.0-0ubuntu1_all.deb

It will then check the SHA256 hash of this similar to doing this:

$ sha256sum aodh-common_6.0.0-0ubuntu1_all.deb 

98cbde3960701b083bc6744cb57fa2b3946d4d5f6c71512e2265f762d4650a3e  aodh-common_6.0.0-0ubuntu1_all.deb

Your proxy is modifying the data which breaks the integrity hash check, because the contents have been changed. You should step through the process of running these commands manually, such as downloading the file via your browser and running sha256sum on the command line to see the hashes don't match.

Next you should see what is actually different between the files and why. It's possible your proxy is able to determine that the .deb file is an "archive" that uses gzip compression and is re-packing the contents, even if that seems rather stupid in this context it could be used for a virus/malware scanning utility.

Let's assume you have two .deb files, one downloaded via the broken proxy and one downloaded via a proper working connection. You can compare the two by unpacking them and running diff on the two directories to see which files (if any) are different. If the diff outputs no differences, then it's likely the proxy is repacking. If the diff outputs something inspect what the differences are and why your proxy is making such changes as it's likely a security concern in addition to a usability problem.

Maybe check your source list

sudo rm -rf /var/lib/apt/lists/*

then:

sudo apt-get update

Do you get the same error without connecting with proxy? try closing may be configured incorrectly