Platform-releng/How to check integrity of downloads
Revision as of 00:52, 3 December 2013 by David williams.acm.org (Talk | contribs) (improved wording to be more general)
Verifying integrity of downloads
Downloads can be verified using md5sum or sha1sum, a Unix command line tool provided in the GNU Textutils package. Windows binary versions are available such as at etree.org.
- Most downloads have an associated link "(md5)" to a *.md5file containing its MD5 checksum and another link "(sha1)" to a *.sha1 file containing its SHA1 checksum. Download these files, such as from Eclipse download page, or the main Eclipse Foundation's packages downloads page (the checksums are available on the page where you select a mirror, but the checksums come directly from "eclipse.org", not the mirror). Put those checksum files into the same directory as the downloaded archive (zip or tar.gz) file.
- Using the tools described at beginning of this page, execute a command such as "md5sum -c <zipfilename>.md5" or "sha1sum -c <zipfilename>.sha1". The result "<zipfilename>: OK" means the downloaded file is complete and intact.