Where to find the checksum for Fedora 38 and some other questions

mario888 · May 12, 2023, 3:41pm

Hi all, tnx a lot,

I just did the following:

First attempt, didn’t work out:
xxx@Mac-xxx ~ % shasum -a 256 -c <<< ‘7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992 ?/Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM’
/Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM: FAILED
shasum: WARNING: 1 computed checksum did NOT match

Second attempt seems to have been working, although there was no match:
xxx@Mac-xxx ~ % shasum -a 256 -c <<< ‘7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992 ^/Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM’
/Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM: FAILED
shasum: WARNING: 1 computed checksum did NOT match

I think I have to try another download of the ISO and see if the checksum matches.

mario888 · May 12, 2023, 3:43pm

Tried just plain text, no links. Another block. Strange. I’ll try again tomorrow.

kevin · May 12, 2023, 3:52pm

It’s the askimet check… I think because your posts had so many
hash/numbers in them? anyhow, should be unblocked now…

computersavvy · May 12, 2023, 3:56pm

Stop using the complex command that does not work and try it as I suggested above.
shasum -a 256 -c Fedora-Workstation-38-1.6-x86_64-CHECKSUM
That works for me every time.

The -c option tells it to read the given file, compute the checksum for the named iso and compare it to the checksum that is in the given CHECKSUM file for that iso.
Use cat Fedora-Workstation-38-1.6-x86_64-CHECKSUM and you can see the filenames to be checked and their checksums that are used for comparison.

This is what you should see if the ISO is valid

$ shasum -a 256 -c Fedora-Workstation-38-1.6-x86_64-CHECKSUM 
Fedora-Workstation-Live-x86_64-38-1.6.iso: OK
shasum: WARNING: 19 lines are improperly formatted

The 19 lines warning is ok. That is a gpg signature for verifying the file came from the proper source.

vekruse · May 13, 2023, 7:43pm

You can even run it without the “-a” option if you like.

shasum -c Fedora-Workstation-38-1.6-x86_64-CHECKSUM

There is enough information in the CHECKSUM file to determine which algorithm to use. If that would work on Macs, I have no idea.

mario888 · May 14, 2023, 12:55pm

Sorry, I used the complicated command, because when using 'shasum -a 256 -c Fedora-workstation-38-1.6-x86_64-CHECKSUM, I get the following:

shasum: /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM: no properly formatted SHA1 checksum lines found

I’m downloading a another ISO, to find out whether that solves the problem.

jn64 · May 14, 2023, 1:01pm

Why? The error message clearly has nothing to do with the ISO; downloading the ISO again won’t change anything.

I’ve already shown that the checksum of your ISO (which you obtained yourself) matches the checksum contained in the CHECKSUM file. You can repeat what I did to verify it.

gnwiii · May 14, 2023, 1:22pm

[quote=“Mario Deno, post:26, topic:82230, username:mario888”]
using 'shasum -a 256 -c Fedora-workstation-38-1.6-x86_64-CHECKSUM, I get the following:

shasum: /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM: no properly formatted SHA1 checksum lines found
[/quote]]

My old iMac is running Fedora 38, but I know macOS uses BSD command-liine tools: so
(shasum(1)) might be useful.

SHASUM(1)	       Perl Programmers	Reference Guide		     SHASUM(1)
[...]
-a, --algorithm   1 (default), 224, 256, 384,	512, 512224, 512256
[...]
When verifying SHA-512/224 or SHA-512/256 checksums, indicate the
algorithm explicitly using the -a option, e.g.

	  shasum -a 512224 -c checksumfile
[...]

This seems to be the same (modulo version updates) as the Fedora version. Example:

 % shasum -a 512256 -c Fedora-Workstation-35-1.2-x86_64-CHECKSUM
Fedora-Workstation-Live-x86_64-35-1.2.iso: OK
shasum: WARNING: 19 lines are improperly formatted

mario888 · May 14, 2023, 1:22pm

Yes, you are right. It’s because the shasum of the checksum file is different. And also because the answer ‘no properly formatted SHA1 checksum lines found’ could be because of a corrupted ISO.

jn64 · May 14, 2023, 1:30pm

No, that error message clearly says no SHA1 checksums were found (in the CHECKSUM file, which was given as the argument to the command). Which is correct, because the CHECKSUM file only contains SHA256 checksums. It has nothing to do with the ISO.

Please open the CHECKSUM file and see that it contains the exact SHA256 checksum you already calculated for the ISO.

mario888 · May 14, 2023, 1:36pm

Hi Justin,

thanx. I just did that and I get the following:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Fedora-Workstation-Live-x86_64-38-1.6.iso: 2099451904 bytes
SHA256 (Fedora-Workstation-Live-x86_64-38-1.6.iso) = 7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992

As you said, it give the shasum of the ISO (as I read it). But, when I check the shasum of the CHECKSUM-file I get a different shasum: bf5dca7186e3518ba90c3da270da36a8d9358bb10130200e8da1bdef97f1bf31.

jn64 · May 14, 2023, 1:55pm

That is expected. The checksum of the CHECKSUM file is not supposed to be the same as the checksum of the ISO.

The checksum of the CHECKSUM file is irrelevant. You don’t have any other checksum to compare it to. According to Fedora keeps you safe | The Fedora Project, the way to verify that the CHECKSUM file is authentic is using Fedora’s GPG key (steps 1 to 3).

Then step 4 compares the checksum in the CHECKSUM file against the checksum of the ISO.

jn64 · May 14, 2023, 1:59pm

@computersavvy Please don’t remove words or change the meaning of others’ posts.

mario888 · May 14, 2023, 2:02pm

Ah, ok. Thanks a lot. That’s apparently another way of checking to which I am used to. Step 4 says ‘verify the checksum matches’. I presumed this meant the same.

computersavvy · May 14, 2023, 2:07pm

I did not. Merely added the preformatted text tags so it was more easily readable.

mario888 · May 14, 2023, 2:17pm

Hi George, I tried it. But I got this output:

shasum -a 512256 -c /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM /Users/xxx/Downloads/Fedora-Workstation-Live-x86_64-38-1.6.iso
shasum: /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM: no properly formatted SHA1 checksum lines found

As Justin said, the shasum of the checksum file and the ISO file are not supposed to be the same. It’s a pity I couldn’t check it via terminal.

jn64 · May 14, 2023, 2:29pm

Maybe there is a limitation or bug with your version of shasum. Sometimes Mac CLI tools are outdated because of their licensing choices or because they simply don’t update them.

Can you try it without -a ... and without giving the ISO as an argument? This is the simplest command that should work:

shasum -c /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM

Also what is the version of shasum?

shasum -v

gnwiii · May 14, 2023, 3:16pm

The macOS version would be helpful, as would comparing the man page on mac with the current version from BSD. Fedora 38 has:

% shasum --version
6.04

Need a cli to check the sha256 has of file (on macOS) mentions openssl -dgst as another option, also available on Fedora 38:

% openssl dgst -sha256 Fedora-Workstation-Live-x86_64-35-1.2.iso
SHA2-256(Fedora-Workstation-Live-x86_64-35-1.2.iso)= 85d9d0c233d560e401e2ad824aa8e6d5614e8b977dfe685396bfb2eb3ba5b253
% grep 85d9d0c233d560e401e2ad824aa8e6d5614e8b977dfe685396bfb2eb3ba5b253 Fedora-Workstation-35-1.2-x86_64-CHECKSUM
SHA256 (Fedora-Workstation-Live-x86_64-35-1.2.iso) = 85d9d0c233d560e401e2ad824aa8e6d5614e8b977dfe685396bfb2eb3ba5b253

Note the difference: SHA2-256 versus SHA256 both refer to the same algorithm but might confuse the -c option in some implementations.

vekruse · May 14, 2023, 3:43pm

From previous posts:
The contents of the checksum file is

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Fedora-Workstation-Live-x86_64-38-1.6.iso: 2099451904 bytes
SHA256 (Fedora-Workstation-Live-x86_64-38-1.6.iso) = 7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992

The calculated checksum is

xxx@Mac-xxx ~ % shasum -a 256 /Users/xxx/Downloads/Fedora-Workstation-Live-x86_64-38-1.6.iso /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM
7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992 /Users/xxx/Downloads/Fedora-Workstation-Live-x86_64-38-1.6.iso
bf5dca7186e3518ba90c3da270da36a8d9358bb10130200e8da1bdef97f1bf31 /Users/xxx/Downloads/Fedora-Workstation-38-1.6-x86_64-CHECKSUM

Compare the value 7a444a2e19012023bf0b015ae30135bafc5fd20f4f333310d42b118745093992 from the contents of the CHECKSUM from the calculated checksum we see a match

It is possible that the mac version of shasum does not understand the format produced by the linux sha256sum --tag command, and that is why you should do the manual comparison as suggested in message 13.

mario888 · May 14, 2023, 5:00pm

The shasum version is 5.84.

If I do the shasum -c I get the same output ‘no properly formatted SHA1 checksum lines found’