About nixCraft

Topics

Howto: Verify integrity of the tar balls or source code

Posted by Vivek Gite [Last updated: July 26, 2007]

Verifying integrity of the tar balls or source code is an essential step, which makes sure that you are going to use guanine software (also know as checksum). Every Linux or UNIX admin should be aware of this test. However, what is a checksum? A checksum is a form of a very simple measure for protecting the integrity of data from both hackers (read as crackers) and data transmission error over network i.e. make sure no one has tampered with a source file (see checksum @ wikipedia) For file verification, use any one of the following command:

  1. sha1sum - check SHA1 (160-bit) checksums
  2. md5sum - check MD5 (128-bit) checksums
  3. gpg - Use to validate a GPG certificate

Therefore, whenever you visit source-code download site, you will come across md5sum, sha1sum, or gpg signature keys listed. Following is general syntax to verify keys with different commands:

Examples ~ sure, without examples no one able to grasp the idea:

E-mail this to a friend      Printable version

You may also be interested in other helpful articles:

Discussion on This Article:

  1. Anonymous Says:

    Interesting stuff, Keep it up good work

Leave a Reply

We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Tags: , , , , , , , ,

Copyright © 2004-2008 nixCraft. All rights reserved - TOS/Disclaimer - Privacy policy - Sitemap - Powered by Open source software.