Whenever you download an image file of any Linux distribution, it should always be checked for correctness and safety. This can be done by generating an MD5 hash after downloading the image file and then comparing the generated hash with the hash generated by the organization supplying the image file.
This helps in checking the integrity of the downloaded file. If the original file was tampered with it can be detected using the MD5 hash comparison. The larger the file size, the higher the possibility of changes in the file. It is always recommended you do an MD5 hash comparison for files such as the operating system installation CD.
md5sum
is normally installed in most Linux distributions, so installation is not required.
Perform the following steps:
- Open the Linux Terminal and then change the directory to the folder containing the downloaded ISO file.
Note
Because Linux is case sensitive, type the correct spelling for the folder name. Downloads are not the same as downloads in Linux.
- After changing to the download directory, type the following command:
md5sum ubuntu-filename.iso
md5sum will then print the calculated hash in a single line as shown here:
8044d756b7f00b695ab8dce07dce43e5 ubuntu-filename.iso
Now we can compare the hash calculated by this command with the hash on the UbuntuHashes page (https://help.ubuntu.com/community/UbuntuHashes). After opening the UbuntuHashes page, we just need to copy this previously calculated hash, in the Find
box of the browser (by pressing Ctrl + F).
If the calculated hash and the hash on the UbuntuHashes page match, then the downloaded file is not damaged. In case the hashes don't match, then there is a possibility that the file might be tampered or is damaged. Try downloading the file again. If the issue still persists, it is recommended you report the issue to the administrator of the server.
Here’s something extra in case you want to go the extra mile: the GUI checksum calculator available for Ubuntu.
Sometimes, it’s really inconvenient to use the Terminal for doing checksums. You need to know the right folder of the downloaded file and also the exact filename. This makes it difficult to remember the exact commands.
As a solution, there is the very small and simple software – GtkHash.
You can download the tool here: http://gtkhash.sourceforge.net/.
Or you can install it by using the following command:
sudo apt-get install gtkhash