APT fails to download or verify package metadata with a 'Hash Sum mismatch' error. This occurs when the checksum computed by APT does not match the expected value, usually due to corrupted downloads or metadata cache issues.
The 'Hash Sum mismatch' error indicates that APT has downloaded package metadata but the computed checksum does not match the value listed in the repository's top-level metadata file. This is a data integrity check that prevents installation of potentially corrupted packages. The error can occur due to a bug in APT's lzma decompression, incomplete downloads from network issues, mirror synchronization problems, or corrupted local cache files.
The most common solution is to remove all cached repository metadata and let APT re-download it:
sudo rm -rvf /var/lib/apt/lists/*
sudo apt-get update
This removes corrupted metadata files, including partial downloads, and forces APT to fetch fresh copies from the repository.
As a temporary workaround, configure APT to use gzip compression instead of lzma, which avoids the decompression bug:
sudo apt-get update -o Acquire::CompressionTypes::Order::=gz
For a permanent fix, create a configuration file:
sudo nano /etc/apt/apt.conf.d/99compression-workaround
Add this line:
Acquire::CompressionTypes::Order:: "gz";
Save and exit. Now apt-get update will prefer gzip compression.
If the error persists with the default mirror, try switching to another official mirror that may be more up to date:
sudo nano /etc/apt/sources.list
Change the mirror URL. For example, on Ubuntu, you can use a different CDN mirror. Then run:
sudo apt-get update
If a specific mirror is syncing, using an alternative mirror can resolve the issue immediately.
For systems running Ubuntu 14.04 or Debian 8 and newer, upgrade APT to get the lzma decompression fix:
sudo apt-get install --only-upgrade apt
The bug was fixed in APT version 1.0 and later. After upgrading, run:
sudo apt-get update
If the downloaded file size is significantly smaller than expected, your network connection may be the issue:
- Check your internet speed: speedtest-cli or similar tools
- Verify connectivity: ping 8.8.8.8
- Restart your modem and router
- Try again with a more stable connection
A stable, fast connection helps ensure metadata files are downloaded completely and correctly.
The core cause of this error is a known bug in APT's lzma decompression code. When APT downloads compressed metadata files (.xz format), the decompression can occasionally corrupt the file, resulting in a checksum mismatch. This bug was fixed in APT 1.0 and later. For systems running older APT versions (very rare now), upgrading APT is the permanent solution. Modern systems running Ubuntu 16.04+, Debian 9+, or similar will have APT 1.2.0+, which includes the Acquire-by-hash feature that further prevents race conditions during mirror syncs. If you're experiencing this on a modern system, cache corruption is the most likely cause, and clearing the lists directory resolves it in 95% of cases.
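To see which index file fails and whether it is truncated or merely altered, the comparison APT makes can be reproduced by hand. The script below is an added example, not part of APT or of the original page: it reads the SHA256 section of a Release file (the repository's top-level metadata file) and recomputes the size and hash of each index file it finds. The function names, the assumption that the directory is laid out like the mirror's dists/<suite>/ tree, and the sample repository are all constructed for illustration, and it assumes sha256sum from GNU coreutils.

```shell
#!/bin/sh
# Added example: recompute size and SHA256 of index files and compare them
# with the entries listed in a Release file.

# check_release RELEASE_FILE BASE_DIR
# BASE_DIR is assumed to follow the repository's dists/<suite>/ layout.
# Prints one line per index file found; returns 1 if any file mismatches.
check_release() {
    release=$1; base=$2; bad=0
    while read -r want_hash want_size path; do
        [ -n "$path" ] && [ -f "$base/$path" ] || continue
        got_size=$(wc -c < "$base/$path" | tr -d ' ')
        got_hash=$(sha256sum "$base/$path" | cut -d' ' -f1)
        if [ "$got_size" != "$want_size" ]; then
            # A size difference points at a truncated or partial download.
            echo "MISMATCH $path: size $got_size, expected $want_size"; bad=1
        elif [ "$got_hash" != "$want_hash" ]; then
            echo "MISMATCH $path: same size, different SHA256"; bad=1
        else
            echo "OK $path"
        fi
    done <<EOF
$(awk '/^SHA256:/ {s=1; next} /^[^ ]/ {s=0} s {print $1, $2, $3}' "$release")
EOF
    return $bad
}

# make_sample DIR: build a constructed one-file repository for the demo.
make_sample() {
    mkdir -p "$1/main/binary-amd64"
    printf 'Package: demo\nVersion: 1.0\n' > "$1/main/binary-amd64/Packages"
    h=$(sha256sum "$1/main/binary-amd64/Packages" | cut -d' ' -f1)
    n=$(wc -c < "$1/main/binary-amd64/Packages" | tr -d ' ')
    printf 'Suite: demo\nSHA256:\n %s %s main/binary-amd64/Packages\n' \
        "$h" "$n" > "$1/Release"
}

demo=$(mktemp -d)
make_sample "$demo"
check_release "$demo/Release" "$demo"                        # intact copy
printf 'Package: dem' > "$demo/main/binary-amd64/Packages"   # simulated truncation
check_release "$demo/Release" "$demo" || echo "metadata would be rejected"
rm -rf "$demo"
```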