Downloading Fedora and Ubuntu LINUX: Verifying Checksums

For the last couple weeks I have had severe problems with my internet provider, and have not been able to post here. As you may have read in one of my earlier posts, this is not the first time. This week, I finally switched to a new ISP with broadband. Hopefully these folks will provide better and more reliable service. Thus far, it certainly promises to be faster than the other one.

Now that I have reasonably fast access, I decided to update my LINUX boxen to the latest releases. Since I run both Ubuntu and Fedora, I downloaded the current releases of both.

Checking File Integrity
When you download a LINUX distribution, or other software for that matter, it is good practice to use the checksum data, if supplied, to verify that your file is intact. This helps make sure the file wasn't corrupted during the download and that hopefully it hasn't been tampered with.

As a service to my fellow Ubuntu and Fedora users, I decided to post some instructions for doing this. Hopefully it will help someone.

For Ubuntu:

The following link offers helpful information:
https://help.ubuntu.com/community/HowToMD5SUM

In summary, here's what I did to check mine:

1) For the MD5SUM file, go to http://releases.ubuntu.com/, select the release you are interested in, then scroll down to the bottom of that page to find the MD5SUMS file. You can also find cd .iso files there to download.

2) Download the appropriate checksum file to the directory where you downloaded the cd .iso file to.

3) After downloading the md5 file [for Ubuntu 10.04 in this case], run the following from the command prompt:
md5sum ubuntu-10.04-desktop-i386.iso

You will (should) get an output such as this:
d044a2a0c8103fc3e5b7e18b0f7de1c8 ubuntu-10.04-desktop-i386.iso
Check this against the checksum file and make sure all the digits match.

Note that this also matches this line from the checksum file I downloaded:
d044a2a0c8103fc3e5b7e18b0f7de1c8 *ubuntu-10.04-desktop-i386.iso

This shows the .iso file matches the md5 checksum and so is probably not corrupted or been tampered with.

What I like to do is copy and paste these sets of numbers into a text file like this:
d044a2a0c8103fc3e5b7e18b0f7de1c8 *ubuntu-10.04-desktop-i386.iso
d044a2a0c8103fc3e5b7e18b0f7de1c8 ubuntu-10.04-desktop-i386.iso

This makes it easy to visually compare the two strings WITHOUT making yourself cross-eyed :)

If the strings match, you're good to go!! If not, then either your downloaded .iso is corrupted, or else you may be using the wrong checksum file.


For Fedora:

Fedora now does something different from the traditional md5sums command. They use something called sha256sum.
Here's how to do it:

First, you will need the appropriate checksum file for your .iso file.

For Fedora 13 checksums, go to
For 32 Bit, go to https://fedoraproject.org/static/checksums/Fedora-13-i386-CHECKSUM

For 64 bit, go to https://fedoraproject.org/static/checksums/Fedora-13-x86_64-CHECKSUM

For "Live" 32-bit desktop cd, go to https://fedoraproject.org/static/checksums/Fedora-13-i686-Live-CHECKSUM

For "Live" 64-bit desktop cd, go to https://fedoraproject.org/static/checksums/Fedora-13-x86_64-Live-CHECKSUM

Download and save the appropriate file to the same directory you downloaded your cd or DVD iso file to.


To check your downloaded iso, go to the command prompt and do the following:

1) Import the gpg keys by doing:

$ curl https://fedoraproject.org/static/fedora.gpg | gpg --import

2) Go to the directory you downloaded your iso file to.

3) Type the following command:
sha256sum -c Fedora-13-i686-Live-CHECKSUM if you are doing a "live" desktop cd, or
sha256sum -c Fedora-13-i386-CHECKSUM if you are doing the DVD or the several CD set.

You SHOULD get something like the following output if everything is OK:
Fedora-13-i686-Live.iso: OK

If you don't, then either your downloaded .iso is corrupted, or else you may be using the wrong checksum file.

Hope this helps someone.

Have fun!