Howto: Verify integrity of the tar balls or source code

by on December 2, 2005 · 2 comments· Last updated July 26, 2007

Verifying integrity of the tar balls or source code is an essential step, which makes sure that you are going to use guanine software (also know as checksum). Every Linux or UNIX admin should be aware of this test. However, what is a checksum? A checksum is a form of a very simple measure for protecting the integrity of data from both hackers (read as crackers) and data transmission error over network i.e. make sure no one has tampered with a source file (see checksum @ wikipedia) For file verification, use any one of the following command:

  1. sha1sum - check SHA1 (160-bit) checksums
  2. md5sum - check MD5 (128-bit) checksums
  3. gpg - Use to validate a GPG certificate

Therefore, whenever you visit source-code download site, you will come across md5sum, sha1sum, or gpg signature keys listed. Following is general syntax to verify keys with different commands:

  • sha1sum {source-code-file-name}
  • md5sum {source-code-file-name}
  • gpg --verify {source-code-file-name.sig} {source-code-file-name}

Examples ~ sure, without examples no one able to grasp the idea:



You should follow me on twitter here or grab rss feed to keep track of new changes.

Featured Articles:

{ 2 comments… read them below or add one }

1 Anonymous December 4, 2005 at 12:37 am

Interesting stuff, Keep it up good work

Reply

2 unhackmee September 16, 2011 at 4:27 am

ah, what a guanine-ly helpful article…

Reply

Leave a Comment

You can use these HTML tags and attributes for your code and commands: <strong> <em> <ol> <li> <u> <ul> <blockquote> <pre> <a href="" title="">
What is 8 + 11 ?
Please leave these two fields as-is:
Solve the simple math so we know that you are a human and not a bot.




Tagged as: , , , , , , , ,

Previous post:

Next post: