When you download files or copy them between locations, there is always a chance that something won’t copy correctly. The larger the file, the larger the chance of something getting messed up. Creating a check sum on the file is a great way to check to make sure that everything adds up before and after the copy.
This post will explore the two tools, and give you a quick little intro on how to use them.
Creating a Check Sum
To calculate a check sum, you can use either md5sum or sha1sum. Simply enter the name of the file as the only parameter after either command. Here’s how I generated a sum on an Android ROM that I downloaded:
skp@pecan:~/Downloads$ md5sum NexusHD2-ICS-CM9-HWA_V2.0.zip c63d317c72f05fc9af7dc90931170386 NexusHD2-ICS-CM9-HWA_V2.0.zip skp@pecan:~/Downloads$ sha1sum NexusHD2-ICS-CM9-HWA_V2.0.zip 20e31ab36b94bd4d18b91a28c3423f9ce02bf16b NexusHD2-ICS-CM9-HWA_V2.0.zip skp@pecan:~/Downloads$
Validating a List from a File
You can have either command check and validate files by passing a file with the checksums in it. To show how this works, let me check all of my recent downloads.
First, I generate the file by using the “>” to redirect the output of the command:
md5sum * > checksums.txt
That creates the checksums.txt file. It should have a list of all of the files and their checksum. Then, I can use the -c option to tell it to validate everything in that file.
md5sum -c checksums.txt
You should get an OK next to each file that it checked. In the following example, I was in the middle of a download, you’ll see that one file failed because it changed between the time that I created the checksum file and the time that I validated it.
sha1sum works exactly the same way. It has a -c option just like md5sum.
Validating Downloads from the Web
Many times when you download a file, you’ll find an md5sum listed. You can use that make sure that your download was accurate and complete. Sometimes you may have to search for the checksum and other times you’ll find it right next to the download link.
You can always just generate another checksum and visually compare the two to make sure they match. But, I finally found an easier way. The -c option reads from the checksums from standard input when you give it a dash (-) for the file name.
The format of the checksum file is checksum, space, space, file name. Remember that if you are placing the two spaces on the command line, you will have to put quotes around it to keep the spaces in tact. So, your command should look something like this (remember the checksum would be copied from a webpage online and pasted into the terminal):
echo "c63d317c72f05fc9af7dc90931170386 NexusHD2-ICS-CM9-HWA_V2.0.zip" | md5sum -c -
Where do I get the Checksum?
On my Android ROM, the check sum is right next to the download.
For Ubuntu downloads, I had to search for it. I did a separate Google search, but I finally found the Ubuntu Hashes page.
Fedora worked the same way. A search turned up the Verify your ISO page. It actually uses sha256sum instead and has instructions for validating.
The Android SDK has the checksum right beside the download: