XG extracting gzip - Damaging signatures

Hello, I'm an openSUSE user, rolling release edition, which needs almost daily updates, but I've been unable to do it at work, since the XG is causing me trouble. I did not take notice when this started to happen, but it might have been in the last 3 months. The XG is running the latest version.

The cause seems to be the device downloading a gzip file but returning uncompressed content to the client (zypper refresh); since these files have a hash (sha256), they are seen as corrupted by the tool.

 

Warning: Digest verification failed for file '0e8d6ecdb86684f474eae515fc9ad59a95be236740da71b2959fc7fad8b9afbb-primary.xml.gz'
[/var/tmp/AP_0xpLpu7T/repodata/0e8d6ecdb86684f474eae515fc9ad59a95be236740da71b2959fc7fad8b9afbb-primary.xml.gz]

  expected 0e8d6ecdb86684f474eae515fc9ad59a95be236740da71b2959fc7fad8b9afbb
  but got  ce5e5196c2ef561dd65dac18add5fbc9c4606b04b443cf029f48badf4138cdab

 

Running "file" on it identifies it as XML/text; reading its content shows XML, not the expected gzip. I've tried creating an exception for policies, and disabling IPS, with no luck.

 

Any suggestions are welcome
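
The symptom in the post above (a `.xml.gz` that arrives as plain XML and therefore fails its sha256 check) can be told apart from a truncated or replaced download with a small check. This is an added example, not part of the original thread; the function names are hypothetical and the sample data is constructed.

```python
import gzip
import hashlib
import re
import zlib

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of every gzip member

def expected_from_name(name: str) -> str:
    """Take the sha256 that prefixes the file name, as in the warning above."""
    m = re.match(r"([0-9a-f]{64})-", name.rsplit("/", 1)[-1])
    if not m:
        raise ValueError("no sha256 prefix in file name")
    return m.group(1)

def diagnose(body: bytes, expected_sha256: str) -> str:
    """Classify a downloaded *.xml.gz body against its expected digest."""
    if hashlib.sha256(body).hexdigest() == expected_sha256.lower():
        return "ok"
    if body[:2] == GZIP_MAGIC:
        try:
            gzip.decompress(body)
        except (OSError, EOFError, zlib.error):
            return "corrupt-gzip"          # truncated or damaged stream
        return "different-gzip"            # valid gzip, but not the published bytes
    if body.lstrip()[:1] == b"<":
        return "decompressed-in-transit"   # plain XML where gzip was expected
    return "unknown-content"

# Constructed sample data (not taken from a real repository).
SAMPLE_XML = b'<?xml version="1.0"?><metadata packages="0"></metadata>'
SAMPLE_GZ = gzip.compress(SAMPLE_XML)
SAMPLE_NAME = hashlib.sha256(SAMPLE_GZ).hexdigest() + "-primary.xml.gz"

if __name__ == "__main__":
    want = expected_from_name(SAMPLE_NAME)
    for label, body in [("as published", SAMPLE_GZ),
                        ("inflated on the way", SAMPLE_XML),
                        ("truncated", SAMPLE_GZ[: len(SAMPLE_GZ) // 2])]:
        print(f"{label}: {diagnose(body, want)}")
```

A `decompressed-in-transit` result means the body was inflated somewhere between the mirror and the client, which is a different failure from a damaged or substituted file.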

  • If you make a rule without filtering at all, does this still happen?

  • In reply to MasterRoshi:

    Hello MasterRoshi, doing that works as expected, the problem seems related to a web policy. This happens with my customized work web policy and also the 'accept all'.

    Also, enabling HTTP inspection causes the issue, it looks like a proxy specific thing.

  • In reply to Lucho:

    I can see how AV could cause an issue here but not sure how 'allow all' without http/s scanning enabled would. 

    I would suggest making a web exception for all the SUSE update domains and seeing if it still happens (maybe disable pharming protection too).

    If you want to dig deeper, you can always open up a support case.

  • In reply to MasterRoshi:

    Exceptions (in URL group) did not fix it.

    URL: "download\.opensuse\.org/"

    checks disabled: HTTPS Decryption, policy checks, and malware and content scanning

     

    I'll open a case later. Thanks!