On Sun, 2009-06-14 at 21:04 +0100, Steve Searle wrote: > Around 07:20pm on Sunday, June 14, 2009 (UK time), terry scrawled: > > > Not quite. You want to -c against the small CHECKSUM file, which contains > > a list of ISOs and their sha256sums. For example: > > $ sha256sum -c Fedora-11-i386-CHECKSUM > > > > > > > I don't get it! you want me to match a downloadable checksum text file > > to what? how do i get the numbers from the iso file to check against > > the checksums? you are not telling me all. you are falsely assuming i > > know more than i do.am I not trying to match the checksums with what > > the developer says they are to be against what the file contains to > > insure that the iso file isn't corrupted and reduce later grief during > > install. > > The CHECKSUM file has both the name of the iso and its expected checksum > in it. > > So the command: > > $ sha256sum -c Fedora-11-i386-CHECKSUM > > Causes it to look fat the iso in whose name is in the checksum file, > generate a checksum for it and compare that generated checksum against > the expected one that is held in the CHECKSUM file. Terry, Enhance your calm, mate. 'man sha256sum' is your friend. if you look in the CHECKSUM file you'll see that it contains exactly what the man page says it should, wrapped inside a GPG signature so you can be sure it hasn't been tampered with: $ cat Fedora-11-i386-CHECKSUM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 6e812e782e52b536c0307bb26b3c244e1c42b644235f5a4b242786b1ef375358 *Fedora-11-i386-DVD.iso 48bf00b8aa4d13da9bb13a1a82d835e90ab65ff32d282b58dffae66e70773630 *Fedora-11-i386-disc1.iso 530a4f4486216680bcc68e4b9ccbd667ed1278d668199f90242e5139d000183a *Fedora-11-i386-disc2.iso b3a8c355c4f78303ea3eea92a4a537c43ddead23bef2a52d0e1f209986ac3811 *Fedora-11-i386-disc3.iso 8318dc3af01bc3f864d6b52c55242444d60fbdbac6ad924190724a2324302730 *Fedora-11-i386-disc4.iso 114152bbbcbe1ad1f5fca4de17b6762a2b86e68c56192b54814f0e0ffe70402b *Fedora-11-i386-disc5.iso e296683a4702d3ccd6e15faf159c2a9c3f00325bf2a7a28434a3441d68e9e434 *Fedora-11-i386-disc6.iso b61cf796fa1602ca003b340ca8073d783576507e88db3499d86640b0d20034cd *Fedora-11-i386-netinst.iso -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQIVAwUBSig6YB3Fx1jSLnfyAQhKbw//bmzSaL+G2hPZ0GttiJFlcCr0fvwd+dcw u76/bXrtnCUMXBeCvXo+1VYJGUUdmVXB2nMrmZ4AvKpQ7nS1nNKxMSeF/65gGBFX KM7Hv/2a0kkm7N8wU7Jmyicmoyo9JF9AhQXegSnlyxy4QGamX4pQNbm0kAmaV76h NvHhliASlvpX1clHJGwN5nvz2KQ6x1jiErzYC6LSD4zG+pPZHg6m2Ih05uQdSKdz Tk9U3DiscrZY88oh5hYcL3YUNDGa/PBrRVCe7MR7Ev7llgkHi82dBLjVZotWCJsO Gmm5O/t8Dbo3RPuf9eXY8tm0bnh6u1xDn0LQ2xJ8EDWRjg4qfox5Ye0x9VE8Slmz +7XS+8xEYmjIRBw1fdd99hSNiwh+w7uqjp3RwVa/VySn8BSZ1ozlYX6W6FYbKORG 71rPQCGhpRDlIMS+iruN5zsCZWIdI9AzAhHurLWFjmB7d5YBN22glKxS7Dj8fjWq sPFswtVGYW+/UlEtUUFPMOtz7a/rBVF/YbZaG4NqeM3lJNwFLyhH/vnWCTKxU2eB a3XdBu/BnQex2bvWg6EyY06YlKmNMSAEbtKsVDc4OWBobk233qMVyQLlqS17/Spd 2taaPieocEkHOTocDt9o/BXkPi34Jx35BXM9xo/rKlpxlEAbr/noTK7+jcyBGiCu f9UE3MBkpKQ= =jUXM -----END PGP SIGNATURE----- One important thing to note is that Fedora 11 has made the migration from using the old MD5 and SHA1 checksums to a 256-bit SHA2 checksum for all of its integrity checks. This includes the checksums used in RPM and YUM. The older checksum algorithms can be compromised, and while it's quite difficult to do, it's possible to hack an ISO or RPM file and still have it generate the same MD5 or SHA1 checksum as the original. If you count the digits in the CHECKSUM file, you'll see that a 256-bit SHA2 checksum contains 64 4-bit hexadecimal (0-9 and a-f) characters in its message digest hash. Compare that to the 32 and 40 hex characters generated by MD5 and SHA1 checksums. (If you need even more bits of assurance, there's SHA512 with a 128 hex character hash.) Back to business. When you use this CHECKSUM file with the -c option you should see the following: $sha256sum -c Fedora-11-i386-CHECKSUM Fedora-11-i386-DVD.iso: OK Fedora-11-i386-disc1.iso: OK Fedora-11-i386-disc2.iso: OK Fedora-11-i386-disc3.iso: OK Fedora-11-i386-disc4.iso: OK Fedora-11-i386-disc5.iso: OK Fedora-11-i386-disc6.iso: OK Fedora-11-i386-netinst.iso: OK Piece of cake. Of course, you're not quite done yet. You have to successfully burn an ISO file to CD or DVD. To do that, right click on an ISO file in a Nautilus window and select "Write to Disc...". Then be sure to run the verification test when using that CD or DVD for the first time. --Doc Savage Fairview Heights, IL -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
