Verifying your GNU/Linux installation downloads

Over the years I have not really paid much attention to verifying downloads for the GNU/Linux installation discs when I download them. I used to just download the ISO files, burn them, and sometimes I would use the self-verifying media check that Red Hat does at the very beginning of the installation process. I figured that normal FTP transfer will use its own methods for ensuring that the ISO files that I download are good, and that the burning software would bomb if the ISO files were bad. It turns out, this is not the case, and it is very important to verify the dowloaded ISO files. Especially if you are trying to download an ISO and it gets interrupted several times and you need to resume the download. A few minutes of checking the ISO files up front can save time troubleshooting installation problems later.

Checking the ISO files is very easy. When you download an ISO for any of the regular GNU/Linux distributions, in the same directory where the ISO files are should exist additional files for "md5sum", "sha256sum", and maybe others. They are text files, but if you download them and look at their contents, you will see that they contain the checksum strings for the ISO files in that directory. I prefer to use the "sha256sum" one which is common now.

So how do these checksum strings help? The object is to run a checksum utility against the ISO file on your computer, and make sure that the checksum it generates on your computer matches the checksum in the text files from the FTP server. If the checksums match, then you know that you have an exact copy of the ISO file that is 100% completely in tact. How do you generate a checksum for the ISO file on your computer? Simply use one of the built-in utilities in GNU/Linux from the command line. To view a MD5 checksum, run "md5sum file.iso" (where file.iso is your ISO file you downloaded) and it will read the ISO file and after a minute or so report the checksum that it sees. To view a SHA256 sum, simply run "sha256sum file.iso". If you are stuck on Windows to download your GNU/Linux ISO files, you can search around and choose one of the 50 different utilities that do this for Windows. There is no built-in utility for this in Windows by default. Apparently Microsoft doesn't think it's important to verify download integrity.

If your checksum matches the one in the text file, you are all set to either burn the ISO or extract it to an FTP or HTTP server to do a local network installation, etc. I would also highly recommend allowing the self media check run on the disc(s) that prompt at the beginning of the GNU/Linux installation as well, which will ensure that no problems were introduced on the burned disc.

If your checksum does not match, thankfully there is an easy fix. Many download mirrors support the "rsync" protocol, which is a file transfer method. The Rsync utility for GNU/Linux is an excellent utility which can transfer parts of files between two systems and keep them in sync. So, the Rsync program can be used to find the missing or corrupt pieces of the ISO file, and fix them so that the file is complete. Here is an example of how to fix an ISO file that has a mis-matched checksum:

rsync -av rsync://mirrors.us.kernel.org/fedora/releases/10/Fedora/i386/iso/Fedora-10-i386- DVD.iso ~/temp/fedora10/

This command needs the Rsync server mirror that you want to use, complete with the full path to the ISO file. In this example, I used "rsync://mirrors.us.kernel.org/fedora/releases/10/Fedora/i386/iso/Fedora-10-i386- DVD.iso" for the Fedora 10 DVD ISO file. The next parameter is the directory on your computer where your ISO file is located. In this case, I used "~/temp/fedora10/" which is the local folder where the corrupt ISO is located. It may take a little bit for the Rsync command to finish, as for a DVD it has to scan a 4.3 GB file. But, normally if the ISO file on your computer is 99.9% good, it will only take several minutes for this process to finish. Rsync is so efficient that it can scan a file of this size, and repair it, in a fraction of the time it would take to download the entire file again. Rsync is a great utility and I have written about it before on using it to perform file backups. It is extremely efficient. After the rsync command is finished, be sure to run one of the checksum utilities again, and make sure that the checksum matches before using the ISO file.

So the next time you download ISO files for a GNU/Linux distribution, be sure to take a few extra minutes and make sure the files are in tact before you use them. It will ensure you get a perfect GNU/Linux installation.