The correct hash is stored inside the checksum file in text format.
You can verify the calculated hash manually by reading the content of the checksum file.
Or just use the linked above instructions to perform automatic verification.
Step 4 was
sha256sum -c *-CHECKSUM
The important part is the-c option which is for checking. Without it it would just create a new SHECKSUM file.
Example
$ sha256sum -c Fedora-Spins-38-1.6-x86_64-CHECKSUM
sha256sum: Fedora-Budgie-Live-x86_64-38-1.6.iso: No such file or directory
Fedora-Budgie-Live-x86_64-38-1.6.iso: FAILED open or read
sha256sum: Fedora-Cinnamon-Live-x86_64-38-1.6.iso: No such file or directory
Fedora-Cinnamon-Live-x86_64-38-1.6.iso: FAILED open or read
sha256sum: Fedora-KDE-Live-x86_64-38-1.6.iso: No such file or directory
Fedora-KDE-Live-x86_64-38-1.6.iso: FAILED open or read
sha256sum: Fedora-LXDE-Live-x86_64-38-1.6.iso: No such file or directory
Fedora-LXDE-Live-x86_64-38-1.6.iso: FAILED open or read
sha256sum: Fedora-LXQt-Live-x86_64-38-1.6.iso: No such file or directory
Fedora-LXQt-Live-x86_64-38-1.6.iso: FAILED open or read
sha256sum: Fedora-MATE_Compiz-Live-x86_64-38-1.6.iso: No such file or directory
Fedora-MATE_Compiz-Live-x86_64-38-1.6.iso: FAILED open or read
sha256sum: Fedora-SoaS-Live-x86_64-38-1.6.iso: No such file or directory
Fedora-SoaS-Live-x86_64-38-1.6.iso: FAILED open or read
sha256sum: Fedora-Sway-Live-x86_64-38-1.6.iso: No such file or directory
Fedora-Sway-Live-x86_64-38-1.6.iso: FAILED open or read
Fedora-Xfce-Live-x86_64-38-1.6.iso: OK
sha256sum: Fedora-i3-Live-x86_64-38-1.6.iso: No such file or directory
Fedora-i3-Live-x86_64-38-1.6.iso: FAILED open or read
sha256sum: WARNING: 17 lines are improperly formatted
sha256sum: WARNING: 9 listed files could not be read
1 Like
Hi, tnx. The sha256sum command doesn’t work on a mac. So, that’s why I used ‘shasum -a 256’.
I don’t know, it seems to me the instruction is not clear (enough). In the meanwhile I downloaded another ISO and did the same as I showed above. The outcome was the same, which means that the shasum of the second ISO also differs from the shasum of the checksum file.
With the “-c” option as well?
From https://ss64.com/osx/shasum.html
-c, --check Check SHA sums against given list
1 Like
Hi Mario, you are calculating the checksum of the CHECKSUM file itself, instead of using the checksums in the CHECKSUM file to verify another file (the ISO). The -c option in the instructions is important and can’t be ignored.
However, you can also manually read the contents of the CHECKSUM file as Vladislav mentioned. You already calculated the checksum of the ISO here:
xxx@Mac-xxx ~ % shasum -a 256 /Users/xxx/Downloads/Fedora-Workstation-Live-x86_64-38-1.6.iso /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM
7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992 /Users/xxx/Downloads/Fedora-Workstation-Live-x86_64-38-1.6.iso
So you know the ISO has a SHA256 checksum of 7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992
Now compare it with the contents of the CHECKSUM file by opening it in a text editor. I will show it here, but you should do it on your own too:
# Fedora-Workstation-Live-x86_64-38-1.6.iso: 2099451904 bytes
SHA256 (Fedora-Workstation-Live-x86_64-38-1.6.iso) = 7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992
Visually checking it is hard, so the better way is to copy the checksum that you calculated from the terminal, then use the text editor’s Search feature and paste it in the search field. It should be an exact match.
2 Likes
If doing it that way the command would be shasum -a 256 -c *.CHECKSUM so it reads the checksum file and compares the ISO to the value noted within that file.
1 Like
Hi all, tnx a lot.
I just did the following.
This command didn’t work out:
xxx@Mac-xxx ~ % shasum -a 256 -c <<< ‘7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992 /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM’
shasum: standard input: no properly formatted SHA1 checksum lines found
In this way it seems to be working:
xxx@Mac-xxx ~ % shasum -a 256 -c <<< ‘7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992 */Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM’
/Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM: FAILED shasum: WARNING: 1 computed checksum did NOT match
I replaced the * once with ? and once with ^ and got the same output. I guess I should download another copy of the ISO, compare the checksum again and hope for a good outcome.
Hi all, tnx a lot!
I just did this:
This attempt did not work out:
xxx@Mac-xxx ~ % shasum -a 256 -c <<< ‘7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992 /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM’
shasum: standard input: no properly formatted SHA1 checksum lines found
In this way, it seems to be working:
xxx@Mac-xxx ~ % shasum -a 256 -c <<< ‘7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992 */Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM’
/Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM: FAILED
shasum: WARNING: 1 computed checksum did NOT match
Although the attempt dit not result in a match. I think I should just download another copy of the ISO and hope for a checksum-match.
The spam filter just hid my new post. No clue why that is…
Probably due to a link you may have included.
The text version works for us.
Hi all, tnx a lot,
I just did the following:
First attempt, didn’t work out:
xxx@Mac-xxx ~ % shasum -a 256 -c <<< ‘7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992 ?/Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM’
/Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM: FAILED
shasum: WARNING: 1 computed checksum did NOT match
Second attempt seems to have been working, although there was no match:
xxx@Mac-xxx ~ % shasum -a 256 -c <<< ‘7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992 ^/Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM’
/Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM: FAILED
shasum: WARNING: 1 computed checksum did NOT match
I think I have to try another download of the ISO and see if the checksum matches.
Tried just plain text, no links. Another block. Strange. I’ll try again tomorrow.
It’s the askimet check… I think because your posts had so many
hash/numbers in them? anyhow, should be unblocked now…
Stop using the complex command that does not work and try it as I suggested above.
shasum -a 256 -c Fedora-Workstation-38-1.6-x86_64-CHECKSUM
That works for me every time.
The -c option tells it to read the given file, compute the checksum for the named iso and compare it to the checksum that is in the given CHECKSUM file for that iso.
Use cat Fedora-Workstation-38-1.6-x86_64-CHECKSUM and you can see the filenames to be checked and their checksums that are used for comparison.
This is what you should see if the ISO is valid
$ shasum -a 256 -c Fedora-Workstation-38-1.6-x86_64-CHECKSUM
Fedora-Workstation-Live-x86_64-38-1.6.iso: OK
shasum: WARNING: 19 lines are improperly formatted
The 19 lines warning is ok. That is a gpg signature for verifying the file came from the proper source.
1 Like
You can even run it without the “-a” option if you like.
shasum -c Fedora-Workstation-38-1.6-x86_64-CHECKSUM
There is enough information in the CHECKSUM file to determine which algorithm to use. If that would work on Macs, I have no idea.
1 Like
Sorry, I used the complicated command, because when using 'shasum -a 256 -c Fedora-workstation-38-1.6-x86_64-CHECKSUM, I get the following:
shasum: /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM: no properly formatted SHA1 checksum lines found
I’m downloading a another ISO, to find out whether that solves the problem.
Why? The error message clearly has nothing to do with the ISO; downloading the ISO again won’t change anything.
I’ve already shown that the checksum of your ISO (which you obtained yourself) matches the checksum contained in the CHECKSUM file. You can repeat what I did to verify it.
[quote=“Mario Deno, post:26, topic:82230, username:mario888”]
using 'shasum -a 256 -c Fedora-workstation-38-1.6-x86_64-CHECKSUM, I get the following:
shasum: /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM: no properly formatted SHA1 checksum lines found
[/quote]]
My old iMac is running Fedora 38, but I know macOS uses BSD command-liine tools: so
(shasum(1)) might be useful.
SHASUM(1) Perl Programmers Reference Guide SHASUM(1)
[...]
-a, --algorithm 1 (default), 224, 256, 384, 512, 512224, 512256
[...]
When verifying SHA-512/224 or SHA-512/256 checksums, indicate the
algorithm explicitly using the -a option, e.g.
shasum -a 512224 -c checksumfile
[...]
This seems to be the same (modulo version updates) as the Fedora version. Example:
% shasum -a 512256 -c Fedora-Workstation-35-1.2-x86_64-CHECKSUM
Fedora-Workstation-Live-x86_64-35-1.2.iso: OK
shasum: WARNING: 19 lines are improperly formatted