I have found the cause of this. The gzip reader for the headers file is not causing the whole file to be read from the menderTarReader. This means the checksum.go does not “Read” all the bytes in order to calculate the correct checksum. If I place the following code before the verification in checksum.go:readHeader() it fixes the problem (or moves the problem somewhere else 
) I hope this helps and that you can find a more elegant solution to this problem
// GRANDFIELD: Make sure the tar reader is exhausted.
buf := make([]byte, 32*1024)
r.Read(buf);
// Check if header checksum is correct.
if cr, ok := r.(*artifact.Checksum); ok { .......................