You can even run it without the “-a” option if you like.
shasum -c Fedora-Workstation-38-1.6-x86_64-CHECKSUM
There is enough information in the CHECKSUM file to determine which algorithm to use. If that would work on Macs, I have no idea.
1 Like
Sorry, I used the complicated command, because when using 'shasum -a 256 -c Fedora-workstation-38-1.6-x86_64-CHECKSUM, I get the following:
shasum: /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM: no properly formatted SHA1 checksum lines found
I’m downloading a another ISO, to find out whether that solves the problem.
Why? The error message clearly has nothing to do with the ISO; downloading the ISO again won’t change anything.
I’ve already shown that the checksum of your ISO (which you obtained yourself) matches the checksum contained in the CHECKSUM file. You can repeat what I did to verify it.
[quote=“Mario Deno, post:26, topic:82230, username:mario888”]
using 'shasum -a 256 -c Fedora-workstation-38-1.6-x86_64-CHECKSUM, I get the following:
shasum: /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM: no properly formatted SHA1 checksum lines found
[/quote]]
My old iMac is running Fedora 38, but I know macOS uses BSD command-liine tools: so
(shasum(1)) might be useful.
SHASUM(1) Perl Programmers Reference Guide SHASUM(1)
[...]
-a, --algorithm 1 (default), 224, 256, 384, 512, 512224, 512256
[...]
When verifying SHA-512/224 or SHA-512/256 checksums, indicate the
algorithm explicitly using the -a option, e.g.
shasum -a 512224 -c checksumfile
[...]
This seems to be the same (modulo version updates) as the Fedora version. Example:
% shasum -a 512256 -c Fedora-Workstation-35-1.2-x86_64-CHECKSUM
Fedora-Workstation-Live-x86_64-35-1.2.iso: OK
shasum: WARNING: 19 lines are improperly formatted
Yes, you are right. It’s because the shasum of the checksum file is different. And also because the answer ‘no properly formatted SHA1 checksum lines found’ could be because of a corrupted ISO.
No, that error message clearly says no SHA1 checksums were found (in the CHECKSUM file, which was given as the argument to the command). Which is correct, because the CHECKSUM file only contains SHA256 checksums. It has nothing to do with the ISO.
Please open the CHECKSUM file and see that it contains the exact SHA256 checksum you already calculated for the ISO.
Hi Justin,
thanx. I just did that and I get the following:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
# Fedora-Workstation-Live-x86_64-38-1.6.iso: 2099451904 bytes
SHA256 (Fedora-Workstation-Live-x86_64-38-1.6.iso) = 7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992
As you said, it give the shasum of the ISO (as I read it). But, when I check the shasum of the CHECKSUM-file I get a different shasum: bf5dca7186e3518ba90c3da270da36a8d9358bb10130200e8da1bdef97f1bf31.
That is expected. The checksum of the CHECKSUM file is not supposed to be the same as the checksum of the ISO.
The checksum of the CHECKSUM file is irrelevant. You don’t have any other checksum to compare it to. According to Fedora keeps you safe | The Fedora Project, the way to verify that the CHECKSUM file is authentic is using Fedora’s GPG key (steps 1 to 3).
Then step 4 compares the checksum in the CHECKSUM file against the checksum of the ISO.
1 Like
Ah, ok. Thanks a lot. That’s apparently another way of checking to which I am used to. Step 4 says ‘verify the checksum matches’. I presumed this meant the same.
1 Like
I did not. Merely added the preformatted text tags so it was more easily readable.
Hi George, I tried it. But I got this output:
shasum -a 512256 -c /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM /Users/xxx/Downloads/Fedora-Workstation-Live-x86_64-38-1.6.iso
shasum: /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM: no properly formatted SHA1 checksum lines found
As Justin said, the shasum of the checksum file and the ISO file are not supposed to be the same. It’s a pity I couldn’t check it via terminal.
Maybe there is a limitation or bug with your version of shasum. Sometimes Mac CLI tools are outdated because of their licensing choices or because they simply don’t update them.
Can you try it without -a ... and without giving the ISO as an argument? This is the simplest command that should work:
shasum -c /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM
Also what is the version of shasum?
shasum -v
The macOS version would be helpful, as would comparing the man page on mac with the current version from BSD. Fedora 38 has:
% shasum --version
6.04
Need a cli to check the sha256 has of file (on macOS) mentions openssl -dgst as another option, also available on Fedora 38:
% openssl dgst -sha256 Fedora-Workstation-Live-x86_64-35-1.2.iso
SHA2-256(Fedora-Workstation-Live-x86_64-35-1.2.iso)= 85d9d0c233d560e401e2ad824aa8e6d5614e8b977dfe685396bfb2eb3ba5b253
% grep 85d9d0c233d560e401e2ad824aa8e6d5614e8b977dfe685396bfb2eb3ba5b253 Fedora-Workstation-35-1.2-x86_64-CHECKSUM
SHA256 (Fedora-Workstation-Live-x86_64-35-1.2.iso) = 85d9d0c233d560e401e2ad824aa8e6d5614e8b977dfe685396bfb2eb3ba5b253
Note the difference: SHA2-256 versus SHA256 both refer to the same algorithm but might confuse the -c option in some implementations.
From previous posts:
The contents of the checksum file is
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
# Fedora-Workstation-Live-x86_64-38-1.6.iso: 2099451904 bytes
SHA256 (Fedora-Workstation-Live-x86_64-38-1.6.iso) = 7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992
The calculated checksum is
xxx@Mac-xxx ~ % shasum -a 256 /Users/xxx/Downloads/Fedora-Workstation-Live-x86_64-38-1.6.iso /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM
7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992 /Users/xxx/Downloads/Fedora-Workstation-Live-x86_64-38-1.6.iso
bf5dca7186e3518ba90c3da270da36a8d9358bb10130200e8da1bdef97f1bf31 /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM
Compare the value 7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992 from the contents of the CHECKSUM from the calculated checksum we see a match
It is possible that the mac version of shasum does not understand the format produced by the linux sha256sum --tag command, and that is why you should do the manual comparison as suggested in message 13.
1 Like
The shasum version is 5.84.
If I do the shasum -c I get the same output ‘no properly formatted SHA1 checksum lines found’
On the page you are referring to, it has the alternative/complicated way of checking: shasum -a 256 -c <<< ‘(hashToCompare) mode character’
In my case I got the ‘FAILED’ output.
I’m guessing shasum 5.84 doesn’t understand BSD-style checksums. According to the changelog that comes with Fedora’s shasum, the BSD-style --tag option was added in shasum 6.00 in 2017.
This is BSD-style:
SHA256 (Fedora-Workstation-Live-x86_64-38-1.6.iso) = 7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992
This is GNU-style:
7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992 Fedora-Workstation-Live-x86_64-38-1.6.iso
By the way, shasum 5.84 is from 2013.
I assume that by now you have manually verified that your download has the correct checksum, but if could be helpful to others to fully understand the failure and hopefully provide a workaround to make things easier in the future.
You could try creating a file using shasum -a 256 --tag ISO_name > ISO_name.SHA256 and see if sha1sum -c ISO_name.SHA256 gives an acceptable format and an “OK” result.
You can convert the format
perl -pe 's/SHA256 \(([^)]+)\) = ([0-9a-f]+)/$2 $1/;' Fedora-Workstation-38-1.6-x86_64-CHECKSUM > newchecksum
shasum -a 256 -c newchecksum
2 Likes