This is a discussion on How do you use md5sum? within the Linux Security forums, part of the System Security and Security Related category.

faeychild wrote:
> Unruh wrote:
>
>>Ohmster <notareal@emailaddress.com> writes:
>>
>>>How do I check that these are indeed "official" FC3 image files and are
>>>the same as those offered by the linuxiso website? Running md5sum like
>>>this:
>>
>>>[ohmster@ohmster FC3]$ md5sum FC3-i386-disc1.iso
>>>db8c7254beeb4f6b891d1ed3f689b412  FC3-i386-disc1.iso
>>>[ohmster@ohmster FC3]$
>>
>>>Gives me this huge number that I could check against the md5sum number
>>>on the linuxiso website or even on the alternate download site, but that
>>
>>Good. You have got it.
>>Now why would that leave lots of room for human error. Any change in the
>>files is likely to cause half of the bits in the md5sum to change. Ie,
>>each character remaining the same has about a 1/16 chance. 5 given
>
> His point is - comparing the output of md5sum with the actual checksum
> number, by eye, is error prone.
> There may be some way to pipe the output of md5sum through a compare
> function, but I don't know it. Surely a script wouldn't be too difficult
> to knock up.
> Then again, comparing checksums is not something I do too frequently.
>

Stupid script to do the job, it may not be the best perl but it works:

#!/usr/bin/perl -w
use strict;

# Given md5sum output on stdin and the expected md5sum as arg 1, check them out.
my $md5 = shift;
die "usage: md5sum FILE | $0 EXPECTED_MD5\n" unless defined $md5;
print "md5=$md5\n";

# If a whole "digest  filename" line was passed, keep only the digest.
if ($md5 =~ /^\s*(\S+)\s/) {
    $md5 = $1;
}

# The digest is the first whitespace-delimited field of md5sum's output.
my $test = <STDIN>;
die "no md5sum output on stdin\n" unless defined $test;
my ($md5part) = $test =~ /^(\S+)/;
die "could not find a digest in the piped input\n" unless defined $md5part;

print "md5 from pipe=|$md5part|, md5 as argument=|$md5|\n";

# Hex digests may be pasted in either case, so compare case-insensitively.
if (lc $md5part eq lc $md5) {
    print "md5 matches\n";
} else {
    print "md5 Does not Match!\n";
    exit 1;
}

Unruh wrote:
> faeychild <phobos@deimos.com> writes:
>
>>Unruh wrote:
>
>>>Ohmster <notareal@emailaddress.com> writes:
>>>
>>>>How do I check that these are indeed "official" FC3 image files and are
>>>>the same as those offered by the linuxiso website? Running md5sum like
>>>>this:
>>>
>>>>[ohmster@ohmster FC3]$ md5sum FC3-i386-disc1.iso
>>>>db8c7254beeb4f6b891d1ed3f689b412  FC3-i386-disc1.iso
>>>>[ohmster@ohmster FC3]$
>>>
>>>>Gives me this huge number that I could check against the md5sum number
>>>>on the linuxiso website or even on the alternate download site, but that
>>>
>>>Good. You have got it.
>>>Now why would that leave lots of room for human error. Any change in the
>>>files is likely to cause half of the bits in the md5sum to change. Ie,
>>>each character remaining the same has about a 1/16 chance. 5 given
>>
>>His point is - comparing the output of md5sum with the actual checksum
>>number, by eye, is error prone.
>
> No, it is not. IF the files are not the same, there are liable to be fewer
> than 3 digits of 32 which agree. Seeing that at least one digit differs if
> 94% of the digits differ is not hard to do by eye. The probability that say
> even 10 (out of 32) digits are the same is very very small.
> Ie, comparing by eye has a very very low probability of error.
>
>>There may be some way to pipe the output of md5sum through a compare
>>function, but I don't know it. Surely a script wouldn't be too difficult
>>to knock up.
>>Then again, comparing checksums is not something I do too frequently.
>
> man md5sum
>

The --check option was new to me. I had never read the man on md5sum
that carefully. As it is the 'info coreutils md5sum' was more helpful
though still pretty hard to understand. An example would have helped so
here is one or two:

md5sum abc | md5sum --check

a=`md5sum abc`
echo "$a" | md5sum --check

In both cases what happens is that the output from md5sum is used as the
input. The output has the md5sum and the 'type' and the filename. Most
of the time the 'type' is ' ' (a space unless the file is forced to
binary by --binary in which case the 'type' is '*'). When md5sum is
invoked with --check it uses the filename which was part of the previous
md5sum as the filename to compare.

I actually think the man/info could have been clearer as it took me
several tries to get it to work. But then again one man's obtuse is
another 'clear as a bell'.

Anyway in the case of a download from the web you would need to cut and
paste the md5 from the webpage (or download the md5 file) and then feed
that to the md5sum --check. Actually I think my little perl script might
be easier.

Unruh <unruh-spam@physics.ubc.ca> wrote in
news:d4ujfa$kqr$2@nntp.itservices.ubc.ca:

> ???? what are you doing?

I dunno, that is why I was asking for help. The man and info docs somehow
fail to make exactly clear to me as to what to do.

> If you want the md5 sum of FC3-i386-disc1.iso do
>
> md5sum FC3-i386-disc1.iso
>
> If you want to check it against the given sum. do
> md5sum -c FC3-i386-disc1.iso.md5
>

Oh great, great, great! This is what I wanted, thanks Unruh.

[ohmster@ohmster FC3]$ md5sum -c FC3-i386-disc1.iso.md5
FC3-i386-disc1.iso: OK
[ohmster@ohmster FC3]$

>>_. 1xs \ y\: No such file or directory
>
> Yes, there probably is no such file or directory. It took the first
> part of the file FC3-i386-disc1.iso up to the blank and assumed that
> was the file name you wanted to check. It probably was not.

Yeah man, I figured that I was doing *something* wrong, but you sure got it
right, thanks buddy!

--
~Ohmster
ohmster at newsguy dot com

"Barton L. Phillips" <bartonphillips@sbcglobal.net> writes:
>> man md5sum
>>
>The --check option was new to me. I had never read the man on md5sum
>that carefully. As it is the 'info coreutils md5sum' was more helpful
>though still pretty hard to understand. An example would have helped so
>here is one or two:
>md5sum abc | md5sum --check
>a=`md5sum abc`
>echo "$a" | md5sum --check

man md5sum
"
       -c, --check
              check MD5 sums against given list
"
The given list can be a list in the stdin or in a file

md5sum -c Mandriva-Linux-2005-Limited-Edition.x86_64.md5.asc

>In both cases what happens is that the output from md5sum is used as the
>input. The output has the md5sum and the 'type' and the filename. Most
>of the time the 'type' is ' ' (a space unless the file is forced to
>binary by --binary in which case the 'type' is '*'). When md5sum is
>invoked with --check it uses the filename which was part of the previous
>md5sum as the filename to compare.
>I actually think the man/info could have been clearer as it took me
>several tries to get it to work. But then again one man's obtuse is
>another 'clear as a bell'.
>Anyway in the case of a download from the web you would need to cut and
>paste the md5 from the webpage (or download the md5 file) and then feed
>that to the md5sum --check. Actually I think my little perl script might
>be easier.

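Added example, not part of any post in this thread: the two checks discussed above (a digest pasted from a web page, and a downloaded .md5 list given to md5sum -c) written as shell functions. The function names and return codes are this example's own, and it assumes GNU coreutils md5sum, GNU grep, and ordinary file names without newlines or backslashes.

```bash
# Added example; function names and return codes are illustrative.
# Assumes GNU coreutils md5sum and GNU grep.

# verify_md5 EXPECTED_DIGEST FILE
# 0 = match, 1 = mismatch or unreadable file, 2 = malformed digest.
verify_md5() {
    local expected file
    # Digests copied from web pages are sometimes upper case.
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    file=$2
    # Accept exactly 32 hex digits, so a truncated paste or a digest with
    # the file name still attached is rejected instead of half-parsed.
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || return 2
    # Checksum line format: digest, one space, type (' ' or '*'), file name.
    printf '%s  %s\n' "$expected" "$file" | md5sum --check --status -
}

# verify_md5_list LIST.md5
# 0 = all files OK, 1 = a file failed, 2 = LIST is not a checksum list
# (for example the ISO itself was passed to -c by mistake).
verify_md5_list() {
    local list dir base
    list=$1
    dir=$(dirname -- "$list")
    base=$(basename -- "$list")
    grep -Eqa '^[0-9a-fA-F]{32} [ *].' -- "$list" || return 2
    # Names inside the list are relative, so check from its directory.
    ( cd -- "$dir" && md5sum --check --quiet -- "$base" )
}
```

A match only shows that the file equals whatever the digest was computed from; for the "official" question the digest itself has to come from a source you trust, such as a signed checksum list.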
On 2005-04-30, Ohmster <notareal@emailaddress.com> wrote:

> I dunno, that is why I was asking for help. The man and info docs somehow
> fail to make exactly clear to me as to what to do.

Yeah, md5sum has to be one of the worst written man pages ever. I never
did figure it out and had to google long and far to find the same simple
info Unruh provided in a couple sentences.

nb

On Fri, 29 Apr 2005 23:33:01 +0000, Ohmster wrote:

> Newsbox <nospam_for_me_please@thanks.invalid> wrote in news:Y4SdnVFR-
> MluMe_fRVn-1w@acadia.net:
>
>> But the fact that it *may* *not* *be* a "real e-mail address" doesn't
>> alter the fact that it *_is_* a real domain, and that the owners of that
>> domain and others may be inconvenienced by your carelessness.
>>
>> Change your fake address to one that is truly and irrevocably at an
>> invalid domain or TLD. It is way, way rude to be putting other people at
>> risk.
>>
>> Thanks for learning, and best wishes.
>
> Thanks for the tip, give me suggestions, please. I have my "real" reply
> address after my signature that is easy to assemble. I really don't want
> anything in the normal reply address, I only used notareal@emailaddress.com
> because it seemed to be pretty self-explanatory. Suggest something, if it
> sounds okay and works, I will use it. Thanks for the tip.

I did give you a suggestion in my message. Instead of using ".com",
".net", ".org", ".uk" or any other valid TLD, end your fake address with
".invalid". No real domain will ever end that way.

Of course I'm not suggesting anyone break rules, but at least avoid
unnecessarily putting others at risk.

Best wishes.

On Fri, 29 Apr 2005 23:33:01 GMT, Ohmster <notareal@emailaddress.com> wrote:

> Thanks for the tip, give me suggestions, please. I have my "real" reply
> address after my signature that is easy to assemble. I really don't want
> anything in the normal reply address, I only used notareal@emailaddress.com
> because it seemed to be pretty self-explanatory. Suggest something, if it
> sounds okay and works, I will use it. Thanks for the tip.

There are a couple ways to go about it. First way prevents mailers from
even attempting to send it.

ohmster@newsguy.invalid

Unfortunately, it's easy enough for a bot script to simply change the
invalid to com. With that in mind, you might prefer to do something like

ohmster@fictitious.newsguy.com
(pinging fictitious.newsguy.com first to make sure it's not valid)

If "fictitious" is obviously something made up, most people trying to
e-mail you will realize they need to remove it... like

ohmster@RESISTOR.newsguy.invalid
(note at bottom like "remove the resistor and validate the address to com")
(again, checking first to be sure resistor isn't a valid subdomain)

Or to prevent loading others' servers altogether, direct spam to your
own TLD... along the lines of

billbaio@capacitor.ohmster.invalid

Then again, depending on your news server, you might be able to leave out
the From: e-mail altogether. Some servers will allow

From: Paul <>

--
Steve Ackman
http://twoloonscoffee.com (Need beans?)
http://twovoyagers.com (glass, linux & other stuff)

On Fri, 29 Apr 2005 23:33:01 +0000, Ohmster wrote:

[putulin]
>
> Thanks for the tip, give me suggestions, please. I have my "real" reply
> address after my signature that is easy to assemble. I really don't want
> anything in the normal reply address, I only used notareal@emailaddress.com
> because it seemed to be pretty self-explanatory. Suggest something, if it
> sounds okay and works, I will use it. Thanks for the tip.

notreal@emailaddress.invalid

from RFC 2606

".invalid" is intended for use in online construction of domain names
that are sure to be invalid and which it is obvious at a glance are
invalid.

--
Sure, Linux has probs but hell, the probs are FREE. With MS you pay
dearly for a larger set of different-flavored problems!
Tayo'y Mga Pinoy

In article <Xns9647C80B9BBFFMyBigKitty@216.77.188.18>, Ohmster wrote:

>Thanks for the tip, give me suggestions, please. I have my "real" reply
>address after my signature that is easy to assemble. I really don't want
>anything in the normal reply address,

http://www.faqs.org/faqs/net-abuse-faq/munging-address/

Old guy

On Fri, 29 Apr 2005 17:53:55 -0400, Newsbox wrote:

> On Fri, 29 Apr 2005 12:51:15 +0000, Ohmster wrote:
>
>> Ohmster <notareal@emailaddress.com>
>
> [...]
>
> That may not be a real e-mail address, but the domain (emailaddress.com)
> is a real and registered domain. The owners of that domain might not
> appreciate your posting it on usenet because you may be directing tons of
> spam to their servers. Even people on other domains (like me) might have
> a gripe because the spam to a valid domain that you posted will
> unnecessarily load their own or public trunks and routers.
>
> The actual (unofficial?) rules (ask about RFC's if you can't google them)
> say we should all post valid e-mail addresses. And while I'm not
> recommending that anyone break the "rules", I will concur that many or
> most prefer the expedient of posting invalid or "munged" e-mail addresses,
> rather than being inundated with senseless, useless, garbage e-mail spam
> (like the ones your systems were recently spewing).
>
> But the fact that it *may* *not* *be* a "real e-mail address" doesn't
> alter the fact that it *_is_* a real domain, and that the owners of that
> domain and others may be inconvenienced by your carelessness.
>
> Change your fake address to one that is truly and irrevocably at an
> invalid domain or TLD. It is way, way rude to be putting other people at
> risk.
>
> Thanks for learning, and best wishes.

Please elaborate. I haven't seen anything about this, but I believe I am
guilty too. I just changed my email address in my newsreader (I stole
yours) but I used to have a valid address there. And that address does
get its share of spam.

Thanks for the tip.