Go version
go1.25.4.linux-amd64.tar.gz
Output of go env in your module/workspace:
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE=''
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/home/dave/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/home/dave/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build4046053950=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/dev/null'
GOMODCACHE='/home/dave/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/home/dave/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/home/dave/.local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/home/dave/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/home/dave/.local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.25.3'
GOWORK=''
PKG_CONFIG='pkg-config'
What did you do?
trying to download, verify, and install go1.25.4.linux-amd64.tar.gz from the go download page the sha256sum listed on the page does not match the sum calculated from the downloaded file
What did you see happen?
output from sha256sum of downloaded file: a8ae67a43f46994ebefa22aa83f52f415125bedfd0455eba5a08a3cc82160044 go1.25.4.linux-amd64.tar.gz does not match 9fa5ffeda4170de60f67f3aa0f824e426421ba724c21e133c1e35d6159ca1bec
What did you expect to see?
sums should match
Comment From: randall77
I get the 9fa* sum when I download it. Make sure you got the whole thing. 59766394 bytes.
Comment From: dnelsonmc
Hmmm, downloaded it directly with wget and got the correct results. Maybe a bug with Firefox 144.0.2 Linux??
On Sat, Nov 8, 2025, 12:43 AM Keith Randall @.***> wrote:
randall77 left a comment (golang/go#76228) https://github.com/golang/go/issues/76228#issuecomment-3506017313
I get the 9fa* sum when I download it. Make sure you got the whole thing. 59766394 bytes.
— Reply to this email directly, view it on GitHub https://github.com/golang/go/issues/76228#issuecomment-3506017313, or unsubscribe https://github.com/notifications/unsubscribe-auth/AC63OG652BVQCUNIFZ5KBXT33V7J5AVCNFSM6AAAAACLQIOTP2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTKMBWGAYTOMZRGM . You are receiving this because you authored the thread.Message ID: @.***>
Comment From: gabyhelp
Related Issues
- x/website: SHA256 Checksum incorrect in Ubuntu #42796 (closed)
- x/website: #49034 (closed)
- website: go1.22.0.linux-amd64.tar.gz contains wrong go version (go1.21.4) #65837 (closed)
- go.dev/dl/: wrong version for darwin-amd64 #64768 (closed)
- go1.16.12: Source release hash doesn't match to the package. #55298 (closed)
- x/website: wrong checksum for go1.18.8.windows-amd64.msi #56513 (closed)
(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)
Comment From: cocokolo
Met the same issue today, using curl solved this problem. But I found out that if I add -H "Accept-Encoding:gzip, deflate, br, zstd" to download request(I found this in request header from Firefox), this issue appears again.
// checksum 9fa5ffeda4170de60f67f3aa0f824e426421ba724c21e133c1e35d6159ca1bec
curl -L -O https://go.dev/dl/go1.25.4.linux-amd64.tar.gz
// checksum a8ae67a43f46994ebefa22aa83f52f415125bedfd0455eba5a08a3cc82160044
curl -L -H "Accept-Encoding:gzip, deflate, br, zstd" -O https://go.dev/dl/go1.25.4.linux-amd64.tar.gz
Does this count as a bug?
Comment From: joh-ku
I ran into the same problem and I think there's something wrong with the tarballs.
The files, specifically go1.25.3.linux-amd64.tar.gz and go1.25.4.linux-amd64.tar.gz, appear to have been compressed twice, meaning they should be named *.tar.gz.gz.
Using a tool like gunzip to decompress it just once gives me the correct SHA-256 sum and finally allows me to decompress the contents.
jkunde@fedora-joku:~/test$ wget https://go.dev/dl/go1.25.4.linux-amd64.tar.gz
HTTP response 302 [https://go.dev/dl/go1.25.4.linux-amd64.tar.gz]
Adding URL: https://dl.google.com/go/go1.25.4.linux-amd64.tar.gz
Adding URL: https://dl.google.com/go/go1.25.4.linux-amd64.tar.gz
Saving 'go1.25.4.linux-amd64.tar.gz'
HTTP response 200 [https://dl.google.com/go/go1.25.4.linux-amd64.tar.gz]
go1.25.4.linux-amd64 100% [=========================================================================================>] 56.57M 38.16MB/s
[Files: 1 Bytes: 56.57M [27.20MB/s] Redirects: 1 Todo: 0 Errors: 0 ]
jkunde@fedora-joku:~/test$ sha256sum go1.25.4.linux-amd64.tar.gz
a8ae67a43f46994ebefa22aa83f52f415125bedfd0455eba5a08a3cc82160044 go1.25.4.linux-amd64.tar.gz
jkunde@fedora-joku:~/test$ gunzip go1.25.4.linux-amd64.tar.gz
jkunde@fedora-joku:~/test$ sha256sum go1.25.4.linux-amd64.tar
9fa5ffeda4170de60f67f3aa0f824e426421ba724c21e133c1e35d6159ca1bec go1.25.4.linux-amd64.tar
jkunde@fedora-joku:~/test$ tar -xzf go1.25.4.linux-amd64.tar
jkunde@fedora-joku:~/test$
See also: https://lore.kernel.org/all/2b875d1c-50ef-4679-bb41-3e1cf89791b3@gmail.com/
Comment From: randall77
@golang/release
Comment From: dmitshur
9fa5ffeda4170de60f67f3aa0f824e426421ba724c21e133c1e35d6159ca1bec is the right sha256 checksum for the go1.25.4.linux-amd64.tar.gz file. It can be reproduced with distpack by building Go 1.25.4 from source:
$ cd $(mktemp -d)
$ git clone https://go.googlesource.com/go
Cloning into 'go'...
$ cd go
$ git checkout go1.25.4
$ cd src
$ GOOS=linux GOARCH=amd64 ./make.bash -distpack
[...]
Packaging archives for linux/amd64.
distpack: 160043b7f17b6d60 go1.25.4.src.tar.gz
distpack: 9fa5ffeda4170de6 go1.25.4.linux-amd64.tar.gz
distpack: f4fa35e13952bae9 v0.0.1-go1.25.4.linux-amd64.zip
distpack: 58528cce1848ddf4 v0.0.1-go1.25.4.linux-amd64.mod
distpack: f8858a0102ad4cfa v0.0.1-go1.25.4.linux-amd64.info
$ shasum -a 256 ../pkg/distpack/go1.25.4.linux-amd64.tar.gz
9fa5ffeda4170de60f67f3aa0f824e426421ba724c21e133c1e35d6159ca1bec ../pkg/distpack/go1.25.4.linux-amd64.tar.gz
It matches what curl -L gives:
$ curl -L 'https://go.dev/dl/go1.25.4.linux-amd64.tar.gz' | shasum -a 256
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 75 100 75 0 0 554 0 --:--:-- --:--:-- --:--:-- 555
100 56.9M 100 56.9M 0 0 34.7M 0 0:00:01 0:00:01 --:--:-- 37.8M
9fa5ffeda4170de60f67f3aa0f824e426421ba724c21e133c1e35d6159ca1bec -
As https://github.com/golang/go/issues/76228#issuecomment-3506490604 points out, it seems the a8ae67a43f46994ebefa22aa83f52f415125bedfd0455eba5a08a3cc82160044 checksum happens when issuing a GET request with "Accept-Encoding: gzip" header, and the download server applies gzip encoding to the go1.25.4.linux-amd64.tar.gz file and reduces the transfer size (very slightly, since the original file is already a compressed tarball):
$ curl -L -H "Accept-Encoding: gzip" 'https://go.dev/dl/go1.25.4.linux-amd64.tar.gz' | shasum -a 256
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 75 100 75 0 0 596 0 --:--:-- --:--:-- --:--:-- 600
100 56.5M 100 56.5M 0 0 9.8M 0 0:00:05 0:00:05 --:--:-- 10.6M
a8ae67a43f46994ebefa22aa83f52f415125bedfd0455eba5a08a3cc82160044 -
Note that other than being compressed slightly more, its content is identical to that of the original file. Only the top-top level checksum doesn't match (since it's compressed to be smaller).
$ diff <(curl -s -L 'https://go.dev/dl/go1.25.4.linux-amd64.tar.gz') \
<(curl -s -L -H "Accept-Encoding: gzip" 'https://go.dev/dl/go1.25.4.linux-amd64.tar.gz')
Binary files /dev/fd/11 and /dev/fd/12 differ
$ diff <(curl -s -L 'https://go.dev/dl/go1.25.4.linux-amd64.tar.gz') \
<(curl -s -L -H "Accept-Encoding: gzip" 'https://go.dev/dl/go1.25.4.linux-amd64.tar.gz' | gunzip --stdout)
$ echo $?
0
This might not be specific to Go 1.25.4, though, but rather to the dl.google.com server. Something similar can be reproduced with another non-Go file too, like:
$ curl -L --silent 'https://dl.google.com/android/repository/platform-tools-latest-windows.zip' | shasum -a 256
12c2841f354e92a0eb2fd7bf6f0f9bf8538abce7bd6b060ac8349d6f6a61107c -
$ curl -L -H "Accept-Encoding: gzip" --silent 'https://dl.google.com/android/repository/platform-tools-latest-windows.zip' | shasum -a 256
0948a0217c7ff08455cb500f933d34d01a4e6bc0585f07d716d8c9ce487e909c -
Comment From: jfrech
Please note that injecting the Accept-Encoding header into a cURL invocation expressly instructs cURL not to interpret the compressed bytes:
# the client reports it is unable to interpret any compression
$ curl -fsSL https://go.dev/dl/go1.25.4.linux-amd64.tar.gz | sha256sum
9fa5ffeda4170de60f67f3aa0f824e426421ba724c21e133c1e35d6159ca1bec -
# this assumes, the server will set a `Content-Encoding: gzip`
# (the server is allowed not to honour the client's capabilities, in which case this invocation would fail
# (as it would try to decompress presumably uncompressed data))
$ curl -fsSL https://go.dev/dl/go1.25.4.linux-amd64.tar.gz -H 'Accept-Encoding: gzip' | gzip -d | sha256sum
9fa5ffeda4170de60f67f3aa0f824e426421ba724c21e133c1e35d6159ca1bec -
# cURL can be instructed to try and gain network performance from the HTTP compressed representation feature
$ curl -fsSL https://go.dev/dl/go1.25.4.linux-amd64.tar.gz --compressed | sha256sum
9fa5ffeda4170de60f67f3aa0f824e426421ba724c21e133c1e35d6159ca1bec -
Comment From: jfrech
The Google server correctly sets Content-Encoding: gzip (as irrespective of representation, the resource is a .gzip file) and sets Content-Type: application/x-gzip when appropriate:
$ curl -v -fsSL https://go.dev/dl/go1.25.4.linux-amd64.tar.gz -o/dev/null
(...)
< HTTP/2 200
< accept-ranges: bytes
< content-disposition: attachment
< content-security-policy: default-src 'none'
< server: downloads
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-xss-protection: 0
< date: Sat, 08 Nov 2025 20:38:16 GMT
< cache-control: no-transform,public,max-age=86400
< last-modified: Wed, 05 Nov 2025 19:03:09 GMT
< etag: "50ad87b"
< content-type: application/x-gzip
< vary: Accept-Encoding
< content-length: 59766394
< age: 0
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
$ curl -v -fsSL https://go.dev/dl/go1.25.4.linux-amd64.tar.gz --compressed -o/dev/null
(...)
< HTTP/2 200
< accept-ranges: bytes
< content-disposition: attachment
< content-encoding: gzip
< content-security-policy: default-src 'none'
< server: downloads
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-xss-protection: 0
< date: Sat, 08 Nov 2025 20:39:13 GMT
< cache-control: no-transform,public,max-age=86400
< last-modified: Wed, 05 Nov 2025 19:03:09 GMT
< etag: "50ad87b-6aa1e4d0"
< content-type: application/x-gzip
< vary: Accept-Encoding
< content-length: 59327961
< age: 0
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Furthermore unsurprisingly, the compression savings aren't spectacular (somewhat surprisingly, compression saves 0.73% bandwidth, ie 428.16KiB):
$ curl -fsSL https://go.dev/dl/go1.25.4.linux-amd64.tar.gz -H 'Accept-Encoding: gzip' | wc -c
59327961
$ curl -fsSL https://go.dev/dl/go1.25.4.linux-amd64.tar.gz | wc -c
59766394
Comment From: dnelsonmc
I understand the comments made about this issue, but what puzzles me is why it only seems to be affecting that one file when I try to download through Firefox. For example, I can navigate to the download page and download the arm64.tar.gz file instead and the sha256sum of the resulting download matches exactly what is listed on the page. In addition, I can do the same thing with the 1.25.3 amd64.tar.gz and no problems there either
On Sat, Nov 8, 2025, 3:47 PM Jonathan Frech @.***> wrote:
jfrech left a comment (golang/go#76228) https://github.com/golang/go/issues/76228#issuecomment-3506884815
The Google server correctly sets Content-Encoding: gzip (as irrespective of representation, the resource is a .gzip file) and sets Content-Type: application/x-gzip when appropriate:
$ curl -v -fsSL https://go.dev/dl/go1.25.4.linux-amd64.tar.gz -o/dev/null (...) < HTTP/2 200 < accept-ranges: bytes < content-disposition: attachment < content-security-policy: default-src 'none' < server: downloads < x-content-type-options: nosniff < x-frame-options: SAMEORIGIN < x-xss-protection: 0 < date: Sat, 08 Nov 2025 20:38:16 GMT < cache-control: no-transform,public,max-age=86400 < last-modified: Wed, 05 Nov 2025 19:03:09 GMT < etag: "50ad87b" < content-type: application/x-gzip < vary: Accept-Encoding < content-length: 59766394 < age: 0 < alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
$ curl -v -fsSL https://go.dev/dl/go1.25.4.linux-amd64.tar.gz --compressed -o/dev/null (...) < HTTP/2 200 < accept-ranges: bytes < content-disposition: attachment < content-encoding: gzip < content-security-policy: default-src 'none' < server: downloads < x-content-type-options: nosniff < x-frame-options: SAMEORIGIN < x-xss-protection: 0 < date: Sat, 08 Nov 2025 20:39:13 GMT < cache-control: no-transform,public,max-age=86400 < last-modified: Wed, 05 Nov 2025 19:03:09 GMT < etag: "50ad87b-6aa1e4d0" < content-type: application/x-gzip < vary: Accept-Encoding < content-length: 59327961 < age: 0 < alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Furthermore unsurprisingly, the compression savings aren't spectacular (somewhat surprisingly, compression saves 0.73% bandwidth, ie 428.16KiB):
$ curl -fsSL https://go.dev/dl/go1.25.4.linux-amd64.tar.gz -H 'Accept-Encoding: gzip' | wc -c 59327961 $ curl -fsSL https://go.dev/dl/go1.25.4.linux-amd64.tar.gz | wc -c 59766394
— Reply to this email directly, view it on GitHub https://github.com/golang/go/issues/76228#issuecomment-3506884815, or unsubscribe https://github.com/notifications/unsubscribe-auth/AC63OGZYPFVR7K4C6BPJBEL33ZJFHAVCNFSM6AAAAACLQIOTP2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTKMBWHA4DIOBRGU . You are receiving this because you authored the thread.Message ID: @.***>
Comment From: jfrech
@dnelsonmc Does your Firefox download the file as being named "go1.25.4.linux-amd64.tar.gz" or as being named "go1.25.4.linux-amd64.tar"? My cursory Bugzilla searching has lead to a slew of bug reports over the last two decades talking about Firefox unexpectedly decompressing files:
- cf. https://stackoverflow.com/a/71688998 [2025-11-08]
- cf. https://bugzilla.mozilla.org/show_bug.cgi?id=121001 [2025-11-08]
- cf. https://bugzilla.mozilla.org/show_bug.cgi?id=235859 [2025-11-08]
- cf. https://bugzilla.mozilla.org/show_bug.cgi?id=233047 [2025-11-08]
- cf. https://bugzilla.mozilla.org/show_bug.cgi?id=1470011 [2025-11-08]
- cf. https://bugzilla.mozilla.org/show_bug.cgi?id=610679 [2025-11-08]
Comment From: jfrech
The Google download server makes differing decisions about whether or not to serve a compressed representation (I surmise because "go1.25.4.linux-arm64.tar.gz" benefits (slightly!; see my previous comment) from transport compression and "go1.25.4.linux-amd64.tar.gz" doesn't):
$ curl -fsSL https://go.dev/dl/go1.25.4.linux-arm64.tar.gz --compressed -v -o/dev/null
(...)
< HTTP/2 200
< accept-ranges: bytes
< cache-control: no-transform
< cache-control: public
< cache-control: max-age=86400
< content-disposition: attachment
< content-length: 57268847
< content-security-policy: default-src 'none'
< content-type: application/x-gzip
< etag: "50ad923"
< last-modified: Wed, 05 Nov 2025 19:03:39 GMT
< server: downloads
< vary: Accept-Encoding
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-xss-protection: 0
< date: Sat, 08 Nov 2025 22:03:04 GMT
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
$ curl -fsSL https://go.dev/dl/go1.25.4.linux-amd64.tar.gz --compressed -v -o/dev/null
< HTTP/2 200
< accept-ranges: bytes
< content-disposition: attachment
< content-encoding: gzip
< content-security-policy: default-src 'none'
< server: downloads
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-xss-protection: 0
< date: Sat, 08 Nov 2025 22:03:20 GMT
< cache-control: no-transform,public,max-age=86400
< last-modified: Wed, 05 Nov 2025 19:03:09 GMT
< etag: "50ad87b-6aa1e4d0"
< content-type: application/x-gzip
< vary: Accept-Encoding
< content-length: 59327961
< age: 0
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Comment From: jfrech
I can confirm that Firefox 144.0.2 (64-bit) (Mozilla Firefox Snap for Ubuntu; canonical-002 1.0) incorrectly saves to a file named "go1.25.4.linux-amd64.tar.gz" (which is served with transport compression; see my comment above) the compressed representation but does correctly download "go1.25.4.linux-arm64.tar.gz" (which is served without transport compression; see my comment above):
# ((downloading via browser UI))
$ ls
go1.25.4.linux-amd64.tar.gz go1.25.4.linux-arm64.tar.gz
$ sha256sum *
a8ae67a43f46994ebefa22aa83f52f415125bedfd0455eba5a08a3cc82160044 go1.25.4.linux-amd64.tar.gz
a68e86d4b72c2c2fecf7dfed667680b6c2a071221bbdb6913cf83ce3f80d9ff0 go1.25.4.linux-arm64.tar.gz
$ file *
go1.25.4.linux-amd64.tar.gz: gzip compressed data, original size modulo 2^32 59766394
go1.25.4.linux-arm64.tar.gz: gzip compressed data, max compression, original size modulo 2^32 214344192 gzip compressed data, reserved method, ASCII, has CRC, was "", from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 214344192
$ gzip -d <go1.25.4.linux-amd64.tar.gz | sha256sum
9fa5ffeda4170de60f67f3aa0f824e426421ba724c21e133c1e35d6159ca1bec -
Comment From: jfrech
Suggest to change the issue's title to:
x/website/internal/dl: unpredictably applied HTTP transport compression for .tar.gz resources results in negligible bandwidth savings while confusing contemporary versions of Firefox
Comment From: rfjakob
wget on Fedora 42 also gets confused and saves a double-gzipped file. Interesting line in the debug output (below): Broken server configuration gzip workaround triggered
$ wget --version
GNU Wget2 2.2.0 - multithreaded metalink/file/website downloader
$ wget --debug https://go.dev/dl/go1.25.4.linux-amd64.tar.gz
09.213550.013 Local URI encoding = 'UTF-8'
09.213550.013 Input URI encoding = 'UTF-8'
09.213550.014 Fetched HSTS data from '/home/jakob/.local/share/wget/.wget-hsts'
09.213550.014 Fetched HPKP data from '/home/jakob/.local/share/wget/.wget-hpkp'
09.213550.014 set_exit_status(0)
09.213550.014 path dl/go1.25.4.linux-amd64.tar.gz ->
09.213550.014 dl/go1.25.4.linux-amd64.tar.gz
09.213550.014 local filename = 'go1.25.4.linux-amd64.tar.gz'
09.213550.014 host_add_job: job fname go1.25.4.linux-amd64.tar.gz
09.213550.014 host_add_job: 0x5638a741d180 https://go.dev/dl/go1.25.4.linux-amd64.tar.gz
09.213550.014 host_add_job: qsize 1 host-qsize=1
09.213550.014 queue_size: qsize=1
09.213550.014 queue_size: qsize=1
09.213550.014 queue_size: qsize=1
09.213550.014 [0] action=1 pending=0 host=0x0 goaway=n/a
09.213550.014 dequeue job https://go.dev/dl/go1.25.4.linux-amd64.tar.gz
09.213550.014 resolving go.dev:443...
09.213550.089 has [2001:4860:4802:36::15]:443
09.213550.089 has [2001:4860:4802:38::15]:443
09.213550.089 has [2001:4860:4802:34::15]:443
09.213550.089 has [2001:4860:4802:32::15]:443
09.213550.089 has 216.239.32.21:443
09.213550.089 has 216.239.34.21:443
09.213550.089 has 216.239.38.21:443
09.213550.089 has 216.239.36.21:443
09.213550.089 has [2001:4860:4802:34::15]:443
09.213550.089 has [2001:4860:4802:38::15]:443
09.213550.089 has [2001:4860:4802:32::15]:443
09.213550.089 has [2001:4860:4802:36::15]:443
09.213550.090 has 216.239.34.21:443
09.213550.090 has 216.239.36.21:443
09.213550.090 has 216.239.38.21:443
09.213550.090 has 216.239.32.21:443
09.213550.090 trying [2001:4860:4802:36::15]:443...
09.213550.107 GnuTLS init
09.213550.243 GnuTLS system certificate store is empty
09.213550.243 Certificates loaded: 389
09.213550.244 GnuTLS init done
09.213550.244 TLS False Start requested
09.213550.244 SNI go.dev
09.213550.244 OCSP stapling requested for go.dev
09.213550.244 ALPN offering h2
09.213550.244 ALPN offering http/1.1
09.213550.304 OCSP stapling is not supported by 'go.dev'
09.213550.304 host has no pubkey pinnings stored in hpkp db
09.213550.304 host has no pubkey pinnings stored in hpkp db
09.213550.304 host has no pubkey pinnings stored in hpkp db
09.213550.304 host has no pubkey pinnings stored in hpkp db
09.213550.305 host has no pubkey pinnings stored in hpkp db
09.213550.305 host has no pubkey pinnings stored in hpkp db
09.213550.305 TLS False Start: off
09.213550.305 ALPN: Server accepted protocol 'h2'
----
Certificate info [0]:
Valid since: Fr 24 Okt 2025 10:07:38 CEST
Expires: Do 22 Jan 2026 09:55:27 CET
Fingerprint: 3c9288bc5f14c1183dcb3d9a7995f50e
Serial number: 00c8ac8ad3427b8bc5129b27cb9009ee13
Public key: RSA, Medium (2048 bits)
Version: #3
DN: CN=go.dev
Issuer's DN: C=US,O=Google Trust Services,CN=WR3
Issuer's OID: 2.5.4.6
Issuer's UID: 2.5.4.6
Certificate info [1]:
Valid since: Mi 13 Dez 2023 10:00:00 CET
Expires: Di 20 Feb 2029 15:00:00 CET
Fingerprint: a5cf06ee3d96c5362e85177d7c5b99ca
Serial number: 7ff005a91568d63abc22861684aa4b5a
Public key: RSA, Medium (2048 bits)
Version: #3
DN: C=US,O=Google Trust Services,CN=WR3
Issuer's DN: C=US,O=Google Trust Services LLC,CN=GTS Root R1
Issuer's OID: 2.5.4.6
Issuer's UID: 2.5.4.6
Certificate info [2]:
Valid since: Fr 19 Jun 2020 02:00:42 CEST
Expires: Fr 28 Jan 2028 01:00:42 CET
Fingerprint: 3682b6c0eb81959e4b4458dfbb65d4f7
Serial number: 77bd0d6cdb36f91aea210fc4f058d30d
Public key: RSA, High (4096 bits)
Version: #3
DN: C=US,O=Google Trust Services LLC,CN=GTS Root R1
Issuer's DN: C=BE,O=GlobalSign nv-sa,OU=Root CA,CN=GlobalSign Root CA
Issuer's OID: 2.5.4.6
Issuer's UID: 2.5.4.6
----
Ephemeral ECDH using curve X25519
Key Exchange: ECDHE-RSA
Protocol: TLS1.3
Certificate Type: X.509
Cipher: AES-256-GCM
MAC: AEAD
----
09.213550.305 Handshake completed
09.213550.305 established connection go.dev
[0] Downloading 'https://go.dev/dl/go1.25.4.linux-amd64.tar.gz' ...
09.213550.305 cookie_create_request_header for host=go.dev path=dl/go1.25.4.linux-amd64.tar.gz
09.213550.305 HTTP2 stream id 1
09.213550.305 [0] action=1 pending=1 host=0x5638a741cc60 goaway=false
09.213550.305 [0] action=2 pending=1 host=0x5638a741cc60 goaway=false
09.213550.305 ## pending_requests = 1
09.213550.305 [FRAME 0] > SETTINGS
09.213550.305 [FRAME 0] > WINDOW_UPDATE
09.213550.305 [FRAME 1] > HEADERS
09.213550.305 [FRAME 1] > :method: GET
09.213550.305 [FRAME 1] > :path: /dl/go1.25.4.linux-amd64.tar.gz
09.213550.305 [FRAME 1] > :scheme: https
09.213550.305 [FRAME 1] > :authority: go.dev
09.213550.305 [FRAME 1] > accept-encoding: gzip, deflate, br, zstd
09.213550.305 [FRAME 1] > accept: */*
09.213550.305 [FRAME 1] > user-agent: Wget/2.2.0
09.213550.335 [FRAME 0] < SETTINGS
09.213550.335 [FRAME 0] < WINDOW_UPDATE
09.213550.335 [FRAME 0] > SETTINGS
09.213550.336 [FRAME 0] < SETTINGS
09.213550.458 :status: 302
09.213550.458 content-type: text/html; charset=utf-8
09.213550.458 content-security-policy: connect-src 'self' www.google-analytics.com stats.g.doubleclick.net ; default-src 'self' ; font-src 'self' fonts.googleapis.com fonts.gstatic.com data: ; frame-ancestors 'self' ; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com scone-pa.clients6.google.com www.youtube.com player.vimeo.com ; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com gstatic.com data: * ; object-src 'none' ; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com apis.google.com www.gstatic.com gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com gstatic.com tagmanager.google.com ;
09.213550.458 location: https://dl.google.com/go/go1.25.4.linux-amd64.tar.gz
09.213550.458 strict-transport-security: max-age=31536000; includeSubDomains; preload
09.213550.458 x-cloud-trace-context: 3dccdd94851da24ee11489c3ed558e24
09.213550.458 date: Sun, 09 Nov 2025 20:35:50 GMT
09.213550.458 server: Google Frontend
09.213550.458 content-length: 75
09.213550.458 [FRAME 1] < HEADERS
09.213550.458 closing stream 1
09.213550.458 ## response status 302
HTTP response 302 [https://go.dev/dl/go1.25.4.linux-amd64.tar.gz]
09.213550.458 keep_alive=1
09.213550.458 update HSTS go.dev:443 (maxage=31536000, includeSubDomains=1)
09.213550.458 path go/go1.25.4.linux-amd64.tar.gz ->
09.213550.458 go/go1.25.4.linux-amd64.tar.gz
Adding URL: https://dl.google.com/go/go1.25.4.linux-amd64.tar.gz
09.213550.458 local filename = 'go1.25.4.linux-amd64.tar.gz'
09.213550.458 host_add_job: job fname go1.25.4.linux-amd64.tar.gz
09.213550.458 host_add_job: 0x7fd9c1074ad0 https://dl.google.com/go/go1.25.4.linux-amd64.tar.gz
09.213550.458 host_add_job: qsize 2 host-qsize=1
09.213550.458 path go/go1.25.4.linux-amd64.tar.gz ->
09.213550.458 go/go1.25.4.linux-amd64.tar.gz
Adding URL: https://dl.google.com/go/go1.25.4.linux-amd64.tar.gz
09.213550.458 not requesting 'https://dl.google.com/go/go1.25.4.linux-amd64.tar.gz'. (Already Seen)
09.213550.458 _host_remove_job: 0x5638a741d180
09.213550.458 host_remove_job: qsize=1 host->qsize=0
09.213550.458 [0] action=1 pending=0 host=0x5638a741cc60 goaway=false
09.213550.458 closing connection
09.213550.459 [0] action=1 pending=0 host=0x0 goaway=n/a
09.213550.459 dequeue job https://dl.google.com/go/go1.25.4.linux-amd64.tar.gz
09.213550.459 resolving dl.google.com:443...
09.213550.459 main: wake up
09.213550.459 queue_size: qsize=1
09.213550.483 has [2a00:1450:4016:80a::200e]:443
09.213550.483 has 142.251.36.238:443
09.213550.483 has [2a00:1450:4016:80a::200e]:443
09.213550.483 has 142.251.36.238:443
09.213550.483 trying [2a00:1450:4016:80a::200e]:443...
09.213550.508 TLS False Start requested
09.213550.508 SNI dl.google.com
09.213550.508 OCSP stapling requested for dl.google.com
09.213550.508 ALPN offering h2
09.213550.508 ALPN offering http/1.1
09.213550.553 OCSP stapling is not supported by 'dl.google.com'
09.213550.553 host has no pubkey pinnings stored in hpkp db
09.213550.554 host has no pubkey pinnings stored in hpkp db
09.213550.554 host has no pubkey pinnings stored in hpkp db
09.213550.554 host has no pubkey pinnings stored in hpkp db
09.213550.554 host has no pubkey pinnings stored in hpkp db
09.213550.554 host has no pubkey pinnings stored in hpkp db
09.213550.554 TLS False Start: off
09.213550.554 ALPN: Server accepted protocol 'h2'
----
Certificate info [0]:
Valid since: Mo 13 Okt 2025 10:37:33 CEST
Expires: Mo 05 Jan 2026 09:37:32 CET
Fingerprint: 2d746e0409a0ebb4eff434f0de412343
Serial number: 00f8b4aa3ab0572e7f101a9c371afe836b
Public key: EC/ECDSA, High (256 bits)
Version: #3
DN: CN=*.google.com
Issuer's DN: C=US,O=Google Trust Services,CN=WR2
Issuer's OID: 2.5.4.6
Issuer's UID: 2.5.4.6
Certificate info [1]:
Valid since: Mi 13 Dez 2023 10:00:00 CET
Expires: Di 20 Feb 2029 15:00:00 CET
Fingerprint: 382f516a7f7dfac53971ab46de20559b
Serial number: 7ff005a07c4cded100ad9d66a5107b98
Public key: RSA, Medium (2048 bits)
Version: #3
DN: C=US,O=Google Trust Services,CN=WR2
Issuer's DN: C=US,O=Google Trust Services LLC,CN=GTS Root R1
Issuer's OID: 2.5.4.6
Issuer's UID: 2.5.4.6
Certificate info [2]:
Valid since: Fr 19 Jun 2020 02:00:42 CEST
Expires: Fr 28 Jan 2028 01:00:42 CET
Fingerprint: 3682b6c0eb81959e4b4458dfbb65d4f7
Serial number: 77bd0d6cdb36f91aea210fc4f058d30d
Public key: RSA, High (4096 bits)
Version: #3
DN: C=US,O=Google Trust Services LLC,CN=GTS Root R1
Issuer's DN: C=BE,O=GlobalSign nv-sa,OU=Root CA,CN=GlobalSign Root CA
Issuer's OID: 2.5.4.6
Issuer's UID: 2.5.4.6
----
Ephemeral ECDH using curve X25519
Key Exchange: ECDHE-RSA
Protocol: TLS1.3
Certificate Type: X.509
Cipher: AES-256-GCM
MAC: AEAD
----
09.213550.555 Handshake completed
09.213550.555 established connection dl.google.com
[0] Downloading 'https://dl.google.com/go/go1.25.4.linux-amd64.tar.gz' ...
09.213550.555 cookie_create_request_header for host=dl.google.com path=go/go1.25.4.linux-amd64.tar.gz
09.213550.555 HTTP2 stream id 1
09.213550.555 [0] action=1 pending=1 host=0x7fd9c096bba0 goaway=false
09.213550.555 [0] action=2 pending=1 host=0x7fd9c096bba0 goaway=false
09.213550.555 ## pending_requests = 1
09.213550.555 [FRAME 0] > SETTINGS
09.213550.555 [FRAME 0] > WINDOW_UPDATE
09.213550.555 [FRAME 1] > HEADERS
09.213550.555 [FRAME 1] > :method: GET
09.213550.555 [FRAME 1] > :path: /go/go1.25.4.linux-amd64.tar.gz
09.213550.555 [FRAME 1] > :scheme: https
09.213550.555 [FRAME 1] > :authority: dl.google.com
09.213550.555 [FRAME 1] > accept-encoding: gzip, deflate, br, zstd
09.213550.555 [FRAME 1] > accept: */*
09.213550.555 [FRAME 1] > user-agent: Wget/2.2.0
09.213550.566 [FRAME 0] < SETTINGS
09.213550.566 [FRAME 0] < WINDOW_UPDATE
09.213550.567 [FRAME 0] > SETTINGS
09.213550.570 [FRAME 0] < SETTINGS
09.213550.604 :status: 200
09.213550.604 accept-ranges: bytes
09.213550.604 content-disposition: attachment
09.213550.604 content-encoding: gzip
09.213550.604 content-security-policy: default-src 'none'
09.213550.604 server: downloads
09.213550.604 x-content-type-options: nosniff
09.213550.604 x-frame-options: SAMEORIGIN
09.213550.604 x-xss-protection: 0
09.213550.604 date: Sun, 09 Nov 2025 20:35:50 GMT
09.213550.604 cache-control: no-transform,public,max-age=86400
09.213550.604 last-modified: Wed, 05 Nov 2025 19:03:09 GMT
09.213550.605 etag: "50ad87b-6aa1e4d0"
09.213550.605 content-type: application/x-gzip
09.213550.605 vary: Accept-Encoding
09.213550.605 content-length: 59327961
09.213550.605 age: 0
09.213550.605 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
09.213550.605 [FRAME 1] < HEADERS
Saving 'go1.25.4.linux-amd64.tar.gz'
09.213550.605 Broken server configuration gzip workaround triggered
09.213555.545 closing stream 1
09.213555.545 ## response status 200
HTTP response 200 [https://dl.google.com/go/go1.25.4.linux-amd64.tar.gz]
09.213555.545 keep_alive=1
09.213555.546 _host_remove_job: 0x7fd9c1074ad0
09.213555.546 host_remove_job: qsize=0 host->qsize=0
09.213555.546 [0] action=1 pending=0 host=0x7fd9c096bba0 goaway=false
09.213555.546 closing connection
09.213555.546 [0] action=1 pending=0 host=0x0 goaway=n/a
09.213555.546 main: wake up
09.213555.546 main: done
09.213555.547 Successfully updated '/home/jakob/.local/share/wget/.wget-hsts'.
09.213555.547 Saved 7 HSTS entries into '/home/jakob/.local/share/wget/.wget-hsts'
09.213555.547 blacklist https://dl.google.com/go/go1.25.4.linux-amd64.tar.gz
09.213555.547 blacklist https://go.dev/dl/go1.25.4.linux-amd64.tar.gz
$ sha256sum go1.25.4.linux-amd64.tar.gz
a8ae67a43f46994ebefa22aa83f52f415125bedfd0455eba5a08a3cc82160044 go1.25.4.linux-amd64.tar.gz
$ tar tzf go1.25.4.linux-amd64.tar.gz
tar: This does not look like a tar archive
tar: Skipping to next header
tar: Exiting with failure status due to previous errors