RPM checksums from the official repository and GitHub do not match

Description of the issue: RPM checksums from website and GitHub do not match
How can this issue be reproduced?

  1. Check the sha256 of the current RPM package at GitHub (https://github.com/brave/brave-browser/releases/download/v1.65.114/brave-browser-1.65.114-1.x86_64.rpm), which should be a2ea2a39e91453c24563cadf36ca7fb64352ec318040b9926a4e9e5ba7c21b50
  2. Download the RPM based on the instructions given at https://brave.com/linux/, except do “dnf download brave-browser”
  3. “sha256sum brave-browser-1.65.114-1.x86_64.rpm”, which results in ce13843cdab423f08fdf59ed6329050a272e60d7e817378e38cfad43af64acd6

Expected result: “sha256sum brave-browser-1.65.114-1.x86_64.rpm” for the package downloaded from the Brave repository should output a2ea2a39e91453c24563cadf36ca7fb64352ec318040b9926a4e9e5ba7c21b50, as the packages on GitHub and the official repository should be identical.

Brave Version (check About Brave): v1.65.114

Additional Information: It is concerning to me that the checksums of these two packages do not match. I trust Brave, but I need to understand why they don’t match before I install Brave on either of my computers.

2 Likes

Hello @justanotherfedora

I confirm that.

Let me tag @Mattches from the team so they fix it.

And have a nice day, both of you 🙂

Thank you both for reporting — forwarding this information to Linux team now.

1 Like

Hello,

Just want to confirm that the same thing happens with the latest version, 1.65.122.

Thanks again and have a nice day 🙂

Hello again.

This issue is still present on 1.65.126.

Thanks for getting in contact with the Linux team. It’s concerning to me that there still seems to be some change between the RPM on GitHub and from the repo. I’d be curious whether or not this affects other packaging formats.
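An added example, not written by any poster in this thread or by Brave: a whole-file `sha256sum` also covers the RPM signature header, so this sketch hashes the signature header and the header-plus-payload region separately to show which part of two RPM files differs. It assumes the standard RPM layout (96-byte lead, signature header padded to 8 bytes, main header, payload); `toy_rpm` is a hypothetical helper that builds constructed sample bytes, not real packages.

```python
import hashlib
import struct
import sys

LEAD_SIZE = 96                      # fixed-size RPM lead
LEAD_MAGIC = b"\xed\xab\xee\xdb"
HEADER_MAGIC = b"\x8e\xad\xe8\x01"  # header structure magic plus version byte

def header_size(data, offset):
    """Byte length of the header structure that starts at offset."""
    if data[offset:offset + 4] != HEADER_MAGIC:
        raise ValueError("header magic not found at offset %d" % offset)
    # 4 magic bytes, 4 reserved bytes, then entry count and data size (big-endian)
    nindex, hsize = struct.unpack(">II", data[offset + 8:offset + 16])
    return 16 + 16 * nindex + hsize

def rpm_digests(data):
    """SHA-256 of the whole file, the signature header, and header+payload."""
    if data[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM file")
    sig_len = header_size(data, LEAD_SIZE)
    body_start = LEAD_SIZE + sig_len + (-sig_len % 8)  # skip 8-byte padding
    header_size(data, body_start)   # raises if the main header is not here
    sha = lambda blob: hashlib.sha256(blob).hexdigest()
    return {"file": sha(data),
            "signature": sha(data[LEAD_SIZE:LEAD_SIZE + sig_len]),
            "header_payload": sha(data[body_start:])}

def compare(a, b):
    """Per-region equality of two RPM byte strings."""
    da, db = rpm_digests(a), rpm_digests(b)
    return {region: da[region] == db[region] for region in da}

def toy_rpm(sig_data, payload):
    """Constructed sample: minimal RPM-shaped bytes, not a real package."""
    def hdr(blob):  # one (zeroed) index entry followed by its data
        return (HEADER_MAGIC + bytes(4) + struct.pack(">II", 1, len(blob))
                + bytes(16) + blob)
    sig = hdr(sig_data)
    return (LEAD_MAGIC + bytes(92) + sig + bytes(-len(sig) % 8)
            + hdr(b"name") + payload)

if __name__ == "__main__":
    if len(sys.argv) == 3:   # two RPM paths given on the command line
        a, b = (open(p, "rb").read() for p in sys.argv[1:3])
    else:                    # fall back to the constructed samples
        a, b = toy_rpm(b"sig-A", b"data"), toy_rpm(b"sig-B", b"data")
    print(compare(a, b))
```

Run it with the two downloaded file paths as arguments; if only `file` and `signature` report `False`, the main header and payload bytes of the two packages are identical.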