Ubuntu – Gzip: stdin: not in gzip format

downloadsfile typemime-typetarwget

When I run:

tar -zxvf john-1.7.0.2.tar.gz

I get this:

gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error is not recoverable: exiting now

It should start unpacking.

Some people told me not to use the z but I get the same error.

It's a file that I downloaded this way:

wget http://openwall.com/john/f/john-1.7.0.2.tar.gz

Best Answer

  • Diagnosing a Downloaded File of the Wrong Type

    As steeldriver says, this means the file isn't really a gzipped tar file -- or any kind of gzipped file -- in spite of being named like one.

    When you download a file with wget, there are often indications that you've ended up getting a different kind of file than what you were looking for:

    ek@Io:~$ wget http://openwall.com/john/f/john-1.7.0.2.tar.gz
    --2017-01-28 23:57:33--  http://openwall.com/john/f/john-1.7.0.2.tar.gz
    Resolving openwall.com (openwall.com)... 195.42.179.197
    Connecting to openwall.com (openwall.com)|195.42.179.197|:80... connected.
    HTTP request sent, awaiting response... 301 Moved Permanently
    Location: http://www.openwall.com/john/ [following]
    --2017-01-28 23:57:40--  http://www.openwall.com/john/
    Resolving www.openwall.com (www.openwall.com)... 195.42.179.202
    Connecting to www.openwall.com (www.openwall.com)|195.42.179.202|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [text/html]
    Saving to: ‘john-1.7.0.2.tar.gz’
    
    john-1.7.0.2.tar.gz                          [      <=>                                                                        ]  15.27K  3.61KB/s    in 4.2s
    
    2017-01-28 23:57:51 (3.61 KB/s) - ‘john-1.7.0.2.tar.gz’ saved [15633]
    

    In this case, the main signs are:

    • The 301 Moved Permanently message, redirecting to an address with a trailing /. This loads the default page for some directory on the server, which is usually index.html and almost always an HTML file.
    • Length: unspecified [text/html], telling you that you're receiving plain text (text) and that it is intended to be interpreted as html. This is really more than a sign -- you can be pretty sure you haven't gotten a real gzipped file based on this.

    You can also use the file utility, which examines a file and tells you what kind of file it looks to be:

    ek@Io:~$ file john-1.7.0.2.tar.gz
    john-1.7.0.2.tar.gz: HTML document, ASCII text, with very long lines
    

    And of course you can examine the file yourself, with tools such as head, less, and view:

    ek@Io:~$ head john-1.7.0.2.tar.gz
    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <HTML>
    <HEAD>
    <TITLE>John the Ripper password cracker</TITLE>
    <link href="/style.css" type="text/css" rel="stylesheet">
    <META name="keywords" content="John the Ripper, password cracker, JtR, password checker, password recovery, password, cracker, crackers, cracking, crack, crypt, passwd, shadow, Unix, Linux, Windows, Win32, Mac OS X, Mac OSX, MacOS X, OS X, OSX, DOS, VMS, OpenVMS, hash, DES, MD5, Blowfish, Kerberos, AFS, LM, LanMan, LanManager, NT, 2000, XP, 2003, Vista, 7, NTLM, NTLMv1, MD4, Netscape LDAP, SHA, SSHA, MySQL, TGT, s/key, Eggdrop, Apache, apr1, SYSUAF, SYSUAF.DAT, AltiVec, MMX, SSE, SSE2, AVX, XOP, wordlist, wordlists, dictionary, brute force, decrypt, challenge, response, John, Ripper, john, jhon, jonh, jack, Jack the Ripper">
    <META name="description" content="A fast password cracker for Unix, Windows, DOS, and OpenVMS, with support for Unix, Windows, and Kerberos AFS passwords, plus a lot more with contributed patches">
    </HEAD>
    
    <BODY bgcolor="#E0E0E0" text="black" link="blue" alink="red" vlink="navy">
    

    If this were really a binary file, then you would've gotten a whole bunch of meaningless garbage instead, as whatever pager or viewer your use fruitlessly attempts to interpret something as plain text that really isn't. For example, on the correct file:

    ek@Io:~$ head john-1.8.0.tar.gz
    WӦQ♥john-1.8.0.tar ▒▒kw▒ر&▒▒ٿ▒▒▒▒4E]|▒v▒NF▒d[▒n▒▒▒L&▒HB▒$▒ ▒df͚▒▒▒▒▒ꩪ▒7@▒▒▒9ӳf▒▒J▒m     ▒ؗ▒u▒▒~,▒ї▒▒▒ˣ▒▒ӣ_▒▒▒▒C▒▒|▒▒▒▒▒şw▒v▒▒>▒|w▒▒▒}▒▒▒ί▒▒i9▒?7+▒gY7i▒$▒▒ʲ▒▒s?▒J'MV%▒rY4ur[▒4▒▒e▒▒.▒▒▒▒▒&/u▒-2▒W▒▒V▒▒!o▒0b▒▒▒♥▒|Q▒4▒▒▒&▒▒Y1Y▒F▒▒Iy▒▒▒▒$▒▒▒▒,▒]▒h▒▒8▒"▒▒M▒,Һ~(▒i▒4Y▒d▒QgQ▒*ۚf7yA▒.▒&i▒<d▒↓▒7▒H_-l▒7▒▒▒Z▒▒.m▒▒ʒ%F,▒۬▒*▒▒hrW▒cY▒▒
    ▒+▒O1▒-y>▒▒J▒yM?▒4I▒▒▒kYS▒▒:▒▒n▒C▒▒%▒▒▒v▒▒▒{[[tN▒9▒▒▒kA▒▒▒▒▒/[▒▒▒▒u▒▒▒z▒▒▒▒>▒▒5▒▒▒▒t▒t▒▒Y6Û<▒*/i▒i{K>▒,▒▒▒▒▒;9)▒Z.mJSeiLB▒▒▒▒▒j▒▒eQ緅▒_▒α▒Ŋ▒▒▒W▒▒▒▒▒_▒▒ˢ▒▒-q▒<gyw͍▒9▒?▒,▒▒▒▒h&▒V"▒▒▒▒▒▒▒l▒▒3▒▒▒▒\▒▒i#▒▒综▒◄0▒▒▒.e♠>a▒▒▒▒▒▒$klt:▒▒rA▒M▒'F▒R▒▒▒▒Lo▒♥1z▒\▒↓X▒▒▒P"֕▒▒▒♦▒▒▒▒|▒▒▒▒▒▒1I▒o"'#|6e▒▒t▒Ц▒FVL▒▒S▒ޓ▒▒;▒x▒▒▒▒▒▒▒QVrr▒▒▒9O▒W7▒♠Og▒
    ▒▒▒8▒▒/▒▒dm▒FG'▒'t2L▒▒&L▒Y:▒▒▒▒▒4▒rI<▒#▒+▒je▒▒▒>T9▒▒M▒XE-ʆ▒▒'n▒▒$↑▒m▒W▒▒w̕▒▒m▒n%▒|A_▒yGp↑D▒↓߻▒▒▒i▒▒}ӡH▒▒▒▒׍$$H▒▒&▒▒4▒▒▒Z-@♣▒*~▒▒▒ y6▒▒▒`▒v↓▒s▒+̱▒?▒1▒▒▒<▒>▒^▒▒Y#k▒
    7`N'▒o▒.&▒▒(▒Դ~AD▒"E◄' lq▒`▒▒`▒[▒9◄▒▒wzuK▒N▒▒Y▒▒%or▒▒)▒▒i↓▒▒▒l5.S▒޶r▒_*▒RO▒{▒$▒(▒▒▒▒C▒·▒▒׀f2ˊ[:▒▒▒,|ew▒▒▒Ag▒'▒▒▒H▒▒t▒{͓▒▒▒▒JH˭s▒)g▒ON▒▒eŚQ▒▒▒♠ s▒▒ߪ▒▒▒▒▒▒▒▒▒▒_♠▒-▒
    

    (I've only copied the very beginning of that.)

    Getting the Right File

    That tells you how to figure out what went wrong in these situations (and in this case, in particular). But how do you actually find and download the correct file?

    This varies from situation to situation. However, a good start is to:

    • Go to the official website for the software and see if they provide download links. Even if that's how you got the link you're using originally, if some time has passed you may find that the link has changed.

      For example, in this particular case, the current version is 1.8.0 instead of 1.7.0.2 (and provided in the j subdirectory instead of f), and the old version is no longer available at that same URL.

    • Go to the page that you were redirected to when you downloaded the file. In this case, that's: http://www.openwall.com/john/

      Or you can even examine the file that was downloaded. (Or open it in a web browser.)

    You got redirected to the software's main download page. You can either download in a web browser, or copy a correct current download link and download it with wget. There are a few choices, but assuming you don't actually need that specific old version you were trying to download, and based on the specific file you did attempt to download, I suspect http://openwall.com/john/j/john-1.8.0.tar.gz is what you are looking for.

    Of course, readers who find this post later may find that link no longer works. But the approach demonstrated here for troubleshooting this sort of problem will remain valid.

    ek@Io:~$ wget http://openwall.com/john/j/john-1.8.0.tar.gz
    --2017-01-29 00:16:19--  http://openwall.com/john/j/john-1.8.0.tar.gz
    Resolving openwall.com (openwall.com)... 195.42.179.197
    Connecting to openwall.com (openwall.com)|195.42.179.197|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 5450412 (5.2M) [application/x-tar]
    Saving to: ‘john-1.8.0.tar.gz’
    
    john-1.8.0.tar.gz                        100%[================================================================================>]   5.20M  78.8KB/s    in 26s
    
    2017-01-29 00:16:47 (202 KB/s) - ‘john-1.8.0.tar.gz’ saved [5450412/5450412]
    

    I've downloaded the file. Notice that, this time, no undesired redirection happened and the type is given as application/x-tar instead of text/html.

    (An HTTP redirection is not always bad. It's when you get redirected to something that doesn't seem like it could really be the file you're looking for that you should suspect your download has not really succeeded.)

    file agrees:

    ek@Io:~$ file john-1.8.0.tar.gz
    john-1.8.0.tar.gz: gzip compressed data, was "john-1.8.0.tar", last modified: Thu May 30 04:19:35 2013, max compression, from Unix
    

    And it unpacks successfully:

    ek@Io:~$ tar xf john-1.8.0.tar.gz
    ek@Io:~$ cd john-1.8.0/
    ek@Io:~/john-1.8.0$ ls -l
    total 12
    drwxrwxr-x 2 ek ek 4096 Jan 29 00:22 doc
    lrwxrwxrwx 1 ek ek   10 May 29  2013 README -> doc/README
    drwxrwxr-x 2 ek ek 4096 Jan 29 00:22 run
    drwxrwxr-x 2 ek ek 4096 Jan 29 00:22 src
    

    (You are right that it doesn't matter if you use the z; it would still have worked with tar xzf, since this is the correct file.)

    You can proceed to build the source code and install.

    Remember, You Don't Always Have to Build From Source

    Sometimes you really want the latest version of a program, and it's not in Ubuntu's repositories. You might try to find a PPA, but if you don't find any you really trust or that provide quite what you want, or you want to build it with custom options, or you just really like building from source code, then building from source code is a valuable and useful technique.

    I do recommend checking at least the software that is available in Ubuntu's official repositories for your system, though. On my 16.04 system:

    ek@Io:~$ apt show john
    Package: john
    Version: 1.8.0-2
    Priority: optional
    Section: admin
    Origin: Ubuntu
    Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
    Original-Maintainer: Ruben Molina <rmolina@udea.edu.co>
    Bugs: https://bugs.launchpad.net/ubuntu/+filebug
    Installed-Size: 452 kB
    Depends: libc6 (>= 2.14), john-data (= 1.8.0-2)
    Suggests: wordlist
    Homepage: http://www.openwall.com/john/
    Supported: 5y
    Download-Size: 184 kB
    APT-Sources: http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
    Description: active password cracking tool
     John the Ripper is a tool designed to help systems administrators to
     find weak (easy to guess or crack through brute force) passwords, and
     even automatically mail users warning them about it, if it is desired.
     .
     Besides several crypt(3) password hash types most commonly found on
     various Unix flavors, supported out of the box are Kerberos AFS and
     Windows NT/2000/XP/2003 LM hashes, plus several more with contributed
     patches.
    

    There are several other ways to search for packages. Often it's handy to use the Ubuntu Packages Search web page.

    Since you were going to attempt to install version 1.7.0.2, presumably version 1.8.0 in the official repositories is recent enough. (Indeed, 1.8.0 seems to be the same version as the one provided for download from the official website.) So you really might just want to install that:

    sudo apt update
    sudo apt install john