My thanks to the people at Dell (at least seven of whom were involved in looking into this). I re-downloaded again today, and this time the copy was indeed different (and now passes signature verification).
Looking at a diff of the two files (passed through iconv -f UTF-16BE -t UTF-8, for readability), it seems that the version I downloaded a few days ago was a (cached?) copy of an earlier (pre-release?) version of this DUP: > - <SoftwareComponent schemaVersion="1.0" packageID="R216024" > releaseID="R216024" dateTime="2009-04-03T16:25:28-05:00" releaseDate="April > 03, 2009" vendorVersion="6.2.0-0013" dellVersion="A11" packageType="LLXP" > xmlGenVersion="1.0.3376"> > + <SoftwareComponent schemaVersion="1.0" packageID="R216024" > releaseID="R216024" dateTime="2009-04-28T19:58:45-05:00" releaseDate="April > 28, 2009" vendorVersion="6.2.0-0013" dellVersion="A11" packageType="LLXP" > xmlGenVersion="1.0.3376"> > - <Display lang="en"><![CDATA[1. Improved disk medium error correction in > certain scenarios. > + <Display lang="en"><![CDATA[1. Enhanced disk IO performance in multiple SAS > and SATA configurations. > - 2. Improved handling of faulty backplanes and enclosures. > + 2. Improved random IO performance. > [there's more of this - anyone who is interested in the details let me know] Anyhow, the problem is now solved - thanks for all your help. If nothing else, this does demonstrate the usefulness of verifying the signatures when downloading DUPs! @alex [email protected] wrote: > He probably has a bad download (even though he said he downloaded several > times). If the download program is corrupting it (say, downloading in ascii > mode), then it doesnt matter how many times it gets downloaded. > > $ gpg --verify RAID_FRMW_LX_R216024.BIN.sign RAID_FRMW_LX_R216024.BIN > gpg: Signature made Thu 18 Jun 2009 04:24:20 PM CDT using DSA key ID 23B66A9D > gpg: Good signature from "Dell, Inc. (Product Group) > <[email protected]>" > gpg: aka "Dell Computer Corporation (Linux Systems Group) > <[email protected]>" > > -- > Michael > > -----Original Message----- > From: Cao, Yong > Sent: Wednesday, July 22, 2009 2:19 PM > To: Qian, Angela; Wagner, Leslie A > Cc: Yuan, Lynn > Subject: RE: bad signature for PERC6/i firmware update? > > The Linux DUP and signature file are both good on ftp. See my attached > screenshot. > > From "md5sum.jpg", you will see the MD5 hash of the DUP, I downloaded, is > different than the one of Alex's. > > I think either Alex got a tampered DUP or the ftp.dell.com has problems while > he downloading the DUP. > > -- mailto:[email protected] _______________________________________________ Linux-PowerEdge mailing list [email protected] https://lists.us.dell.com/mailman/listinfo/linux-poweredge Please read the FAQ at http://lists.us.dell.com/faq
