How do you use md5sum?

I just downloaded Fedora Core 3 and am a little bit uncertain about the
integrity of the iso files, I would like to check them before burning the
CDs and be sure that they are intact and are "official". I went to
linuxiso and found FC3:
http://www.linuxiso.org/distro.php?distro=64

Great, here is what I need, four CDs. I copy the URL for each CD on a
single line to a text file, next line, next URL, and I get four lines in
a text file with four URLs to the iso images, I call it fc3.txt. I run
wget to fetch the files:

wget -i fc3.txt

wget is off and running, grabbing the four iso files. Well, apparently
linuxiso does not have it's stuff together too well, the downloads are
slow and spotty. I have to run wget more than once to finish this
fetching:

wget -c -i fc3.txt

image four is not even a valid link so I cannot get image four. I hack
though the redirect and find the FTP site where the file is and grab the
last iso. I cannot complete the download, it stop and I try again and
finally give up and get the rest of the image file from a different
source.
http://linux.rz.ruhr-uni-bochum.de/d...386/core3-iso/

Now I don't feel good about this download, too spotty and intermittent,
so I use that last URL to grab all four iso image files in one swoop,
they come fast and they come complete.

How do I check that these are indeed "official" FC3 image files and are
the same as those offered by the linuxiso website? Running md5sum like
this:

[ohmster@ohmster FC3]$ md5sum FC3-i386-disc1.iso
db8c7254beeb4f6b891d1ed3f689b412 FC3-i386-disc1.iso
[ohmster@ohmster FC3]$

Gives me this huge number that I could check against the md5sum number on
the linuxiso website or ever on the alternate download site, but that
kind of checking leaves a lot of room for human error. Isn't there a way
to make md5sum check the files itself against the md5sum files on the
linuxiso website and could I check these alternate files against the
linuxiso website to see if they are the same? How would I do this? I
cannot quite figure out md5sum and how it works. Thanks.

--
~Ohmster
ohmster at newsguy dot com

Ohmster <notareal@emailaddress.com> writes:

>How do I check that these are indeed "official" FC3 image files and are
>the same as those offered by the linuxiso website? Running md5sum like
>this:

>[ohmster@ohmster FC3]$ md5sum FC3-i386-disc1.iso
>db8c7254beeb4f6b891d1ed3f689b412 FC3-i386-disc1.iso
>[ohmster@ohmster FC3]$

>Gives me this huge number that I could check against the md5sum number on
>the linuxiso website or ever on the alternate download site, but that

Good. You have got it.
Now why would that leave lots of room for human error. Any change in the
files is likely to cause half of the bits in the md5sum to change. Ie, each
character remaining the same has about a 1/16 chance. 5 given characters

remaining the same in the two md5sums has about a 1/100000 chance. Ie,
even checking the first five characters in the two md5sums is an extremely
good check that the two files are the same.

md5sum is a cryptographic hash. Ie, it is resistant to a determined
attacker trying his damndest to produce two different files with the same
sum. Bad downloading is not a determined adversary. md5 is vast overkill at
detecting bad downloads. But since it costs nothing, so what. So check the
first five characters in the sum. If they are the same, the download is
highly likely to be good. Better than than the chances you won the lottery
today.



>kind of checking leaves a lot of room for human error. Isn't there a way
>to make md5sum check the files itself against the md5sum files on the
>linuxiso website and could I check these alternate files against the
>linuxiso website to see if they are the same? How would I do this? I
>cannot quite figure out md5sum and how it works. Thanks.

man md5sum.
download the md5sum file (.md5) and follow the directions in man md5sum

Ohmster wrote:

> I just downloaded Fedora Core 3 and am a little bit uncertain about the
> integrity of the iso files, I would like to check them before burning the
> CDs and be sure that they are intact and are "official". I went to
> linuxiso and found FC3:
.......
> How do I check that these are indeed "official" FC3 image files and are
> the same as those offered by the linuxiso website? Running md5sum like
> this:
>
> [ohmster@ohmster FC3]$ md5sum FC3-i386-disc1.iso
> db8c7254beeb4f6b891d1ed3f689b412 FC3-i386-disc1.iso
> [ohmster@ohmster FC3]$
>
> Gives me this huge number that I could check against the md5sum number on
> the linuxiso website or ever on the alternate download site, but that
> kind of checking leaves a lot of room for human error. Isn't there a way

What is your problem? You just have to look for one different character
(open the website with the md5sums, and a editor/shell with your computed
md5sums) and trash the iso - otherwise feel free to burn it and install.
You may download the *.md5 file and run "md5sum -c" against it, provided you
have the isos in the same directory. See "man md5sum".
--
Longhorn error#4711: TCPA / NGSCP VIOLATION: Microsoft optical mouse
detected penguin patterns on mousepad. Partition scan in progress
*to*remove*offending*incompatible*products.**React ivate*MS*software.
Linux woodpecker.homnet.at 2.6.11-mm4[LinuxCounter#295241,ICQ#4918962]

On Fri, 29 Apr 2005 12:51:15 +0000, Ohmster wrote:

> Ohmster <notareal@emailaddress.com>

[...]

That may not be a real e-mail address, but the domain (emailaddress.com)
is a real and registered domain. The owners of that domain might not
appreciate your posting it on usenet because you may be directing tons of
spam to their servers. Even people on other domains (like me) might have
a gripe because the spam to a valid domain that you posted will
unnecessarily load their own or public trunks and routers.

The actual (unofficial?) rules (ask about RFC's if you can't google them)
say we should all post valid e-mail addresses. And while I'm not
recommending that anyone break the "rules", I will concur that many or
most prefer the expedient of posting invalid or "munged" e-mail addresses,
rather than being inundated with senseless, useless, garbage e-mail spam
(like the ones your systems were recently spewing).

But the fact that it *may* *not* *be* a "real e-mail address" doesn't
alter the fact that it *_is_* a real domain, and that the owners of that
domain and others may be inconvenienced by your carelessness.

Change your fake address to one that is truly and irrevocably at an
invalid domain or TLD. It is way, way rude to be putting other people at
risk.

Thanks for learning, and best wishes.

Newsbox <nospam_for_me_please@thanks.invalid> wrote in news:Y4SdnVFR-
MluMe_fRVn-1w@acadia.net:

> But the fact that it *may* *not* *be* a "real e-mail address" doesn't
> alter the fact that it *_is_* a real domain, and that the owners of that
> domain and others may be inconvenienced by your carelessness.
>
> Change your fake address to one that is truly and irrevocably at an
> invalid domain or TLD. It is way, way rude to be putting other people at
> risk.
>
> Thanks for learning, and best wishes.

Thanks for the tip, give me suggestions, please. I have my "real" reply
address after my signature that is easy to assemble. I really don't want
anything in the normal reply address, I only used notareal@emailaddress.com
because it seemed to be pretty self-explanitory. Suggest soemthing, if it
sounds okay and works, I will use it. Thanks for the tip.

--
~Ohmster
ohmster at newsguy dot com

Unruh wrote:

> Ohmster <notareal@emailaddress.com> writes:
>
>>How do I check that these are indeed "official" FC3 image files and are
>>the same as those offered by the linuxiso website? Running md5sum like
>>this:
>
>>[ohmster@ohmster FC3]$ md5sum FC3-i386-disc1.iso
>>db8c7254beeb4f6b891d1ed3f689b412 FC3-i386-disc1.iso
>>[ohmster@ohmster FC3]$
>
>>Gives me this huge number that I could check against the md5sum number
>>on the linuxiso website or ever on the alternate download site, but that
>
> Good. You have got it.
> Now why would that leave lots of room for human error. Any change in the
> files is likely to cause half of the bits in the md5sum to change. Ie,
> each character remaining the same has about a 1/16 chance. 5 given
His point is - comparing the output of md5sum with the actual checksum
number, by eye, is error prone.
There may be some way to pipe the output of md5sum through a compare
function, but I don't know it. Surely a script wouldn't be too difficult
to knock up.
Then again, compairing checksums is not something I do too frequently.

--
faeychild

faeychild <phobos@deimos.com> writes:

>Unruh wrote:

>> Ohmster <notareal@emailaddress.com> writes:
>>
>>>How do I check that these are indeed "official" FC3 image files and are
>>>the same as those offered by the linuxiso website? Running md5sum like
>>>this:
>>
>>>[ohmster@ohmster FC3]$ md5sum FC3-i386-disc1.iso
>>>db8c7254beeb4f6b891d1ed3f689b412 FC3-i386-disc1.iso
>>>[ohmster@ohmster FC3]$
>>
>>>Gives me this huge number that I could check against the md5sum number
>>>on the linuxiso website or ever on the alternate download site, but that
>>
>> Good. You have got it.
>> Now why would that leave lots of room for human error. Any change in the
>> files is likely to cause half of the bits in the md5sum to change. Ie,
>> each character remaining the same has about a 1/16 chance. 5 given
>His point is - comparing the output of md5sum with the actual checksum
>number, by eye, is error prone.

No, it is not. IF the files are not the same, there are liable to be fewer than
3
digits of 32 which agree. Seeing that at least one digits differs if 94% of the
digits differ is not hard to do by eye. The probability that say even 10
(out of 32) digits are the same is very very small.
Ie, comparing by eye has a very very low probability of error.


>There may be some way to pipe the output of md5sum through a compare
>function, but I don't know it. Surely a script wouldn't be too difficult
>to knock up.
>Then again, compairing checksums is not something I do too frequently.

man md5sum

Walter Mautner <newsleaf.20.eatallspam@spamgourmet.com> wrote in
news:tas9k2-jo4.ln1@woodpecker.homnet.at:

> You may download the *.md5 file and run "md5sum -c" against it,
> provided you have the isos in the same directory. See "man md5sum".

Yeah yeah yeah, that is what I want to do, but I am not having much luck,
as you can see. Can someone help with an example perhaps? Thanks.

---------------------------------------------------------------------
[ohmster@ohmster FC3]$ ls -la
total 2334144
drwxr-xr-x 2 ohmster admin 4096 Apr 29 16:54 .
drwx--x--x 104 ohmster ohmster 4096 Apr 29 08:46 ..
-rw-r--r-- 1 ohmster admin 646987776 Nov 9 06:43 FC3-i386-
disc1.iso
-rw-r--r-- 1 ohmster admin 53 Apr 29 16:53 FC3-i386-
disc1.iso.md5
-rw-r--r-- 1 ohmster admin 668520448 Nov 9 06:56 FC3-i386-
disc2.iso
-rw-r--r-- 1 ohmster admin 53 Apr 29 16:53 FC3-i386-
disc2.iso.md5
-rw-r--r-- 1 ohmster admin 667498496 Nov 9 07:46 FC3-i386-
disc3.iso
-rw-r--r-- 1 ohmster admin 53 Apr 29 16:54 FC3-i386-
disc3.iso.md5
-rw-r--r-- 1 ohmster admin 404764672 Nov 9 07:54 FC3-i386-
disc4.iso
-rw-r--r-- 1 ohmster admin 53 Apr 29 16:54 FC3-i386-
disc4.iso.md5
-rw-r--r-- 1 ohmster admin 342 Apr 28 22:53 fc3.txt
[ohmster@ohmster FC3]$ md5sum -c FC3-i386-disc1.iso
md5sum: Ÿ!\½ó8l ú£ê
Üäc÷þ…ñÂxà1ò ,νý\
ú#?àXà°¥�;p=p9°'Ö¨-À¥À½À#ÀÀ¬MÀ,`*
+�*
®în›¡¯�ÛoÅ|:å,O$J€«�s�G
€Í

_…ö¿�ö1x¸Øs ʹã¸èö\�y\: No such file or directory
Ÿ!\½ó8l ú£ê
Üäc÷þ…ñÂxà1ò½ý\
ú#?àXà°¥�;p=p9°'Ö¨-À¥À½À#ÀÀ¬MÀ,`*
+�*
®în›¡¯�ÛoÅ|:å,O$J€«�s�G
€Í

_…ö¿�ö1x¸Øs ʹã¸èö\�y\: FAILED open or read
md5sum: WARNING: 1 of 1 listed file could not be read
[ohmster@ohmster FC3]$
---------------------------------------------------------------------
--
~Ohmster
ohmster at newsguy dot com

Unruh <unruh-spam@physics.ubc.ca> wrote in
news:d4uiad$k7t$1@nntp.itservices.ubc.ca:

>>His point is - comparing the output of md5sum with the actual checksum
>>number, by eye, is error prone.

Yes, that is *exactly* what I am saying.

>
> No, it is not. IF the files are not the same, there are liable to be
> fewer than 3
> digits of 32 which agree. Seeing that at least one digits differs if
> 94% of the digits differ is not hard to do by eye. The probability
> that say even 10 (out of 32) digits are the same is very very small.
> Ie, comparing by eye has a very very low probability of error.

Well if you say so. I just thought that md5sum might check the iso file
against an md5 file and report if there was a match, i.e.: "good" or "bad"
and if so, what is wrong. Of course I am assuming this, I don't actually
know this. Thanks for your time, fellows.

--
~Ohmster
ohmster at newsguy dot com

Ohmster <notareal@emailaddress.com> writes:

>Walter Mautner <newsleaf.20.eatallspam@spamgourmet.com> wrote in
>news:tas9k2-jo4.ln1@woodpecker.homnet.at:

>> You may download the *.md5 file and run "md5sum -c" against it,
>> provided you have the isos in the same directory. See "man md5sum".

>Yeah yeah yeah, that is what I want to do, but I am not having much luck,
>as you can see. Can someone help with an example perhaps? Thanks.

>---------------------------------------------------------------------
>[ohmster@ohmster FC3]$ ls -la
>total 2334144
>drwxr-xr-x 2 ohmster admin 4096 Apr 29 16:54 .
>drwx--x--x 104 ohmster ohmster 4096 Apr 29 08:46 ..
>-rw-r--r-- 1 ohmster admin 646987776 Nov 9 06:43 FC3-i386-
>disc1.iso
>-rw-r--r-- 1 ohmster admin 53 Apr 29 16:53 FC3-i386-
>disc1.iso.md5
>-rw-r--r-- 1 ohmster admin 668520448 Nov 9 06:56 FC3-i386-
>disc2.iso
>-rw-r--r-- 1 ohmster admin 53 Apr 29 16:53 FC3-i386-
>disc2.iso.md5
>-rw-r--r-- 1 ohmster admin 667498496 Nov 9 07:46 FC3-i386-
>disc3.iso
>-rw-r--r-- 1 ohmster admin 53 Apr 29 16:54 FC3-i386-
>disc3.iso.md5
>-rw-r--r-- 1 ohmster admin 404764672 Nov 9 07:54 FC3-i386-
>disc4.iso
>-rw-r--r-- 1 ohmster admin 53 Apr 29 16:54 FC3-i386-
>disc4.iso.md5
>-rw-r--r-- 1 ohmster admin 342 Apr 28 22:53 fc3.txt
>[ohmster@ohmster FC3]$ md5sum -c FC3-i386-disc1.iso

???? what are you doing?
If you want the md5 sum of FC3-i386-disc1.iso do

md5sum FC3-i386-disc1.iso

If you want to check it against the given sum. do
md5sum -c FC3-i386-disc1.iso.md5


>md5sum: Ÿ!\½ó8l ú£ê
>Üäc÷þ…ñÂxà1ò ,νý\
> ú#?àXà°¥�;p=p9°'Ö¨-À¥À½À#ÀÀ¬MÀ,`*
> +�*
> ®în›¡¯�ÛoÅ|:å,O$J€«�s�G
>€Í
>
>_…ö¿�ö1x¸Øs ʹã¸èö\�y\: No such file or directory

Yes, there probably is no such file or directory. It took the first par of
the file FC3-i386-disc1.iso up to the blank and assumed that was teh file
name you wanted to check. It probably was not.


>Ÿ!\½ó8l ú£ê
>Üäc÷þ…ñÂxà1ò½ý\
> ú#?àXà°¥�;p=p9°'Ö¨-À¥À½À#ÀÀ¬MÀ,`*
> +�*
> ®în›¡¯�ÛoÅ|:å,O$J€«�s�G
>€Í
>
>_…ö¿�ö1x¸Øs ʹã¸èö\�y\: FAILED open or read
>md5sum: WARNING: 1 of 1 listed file could not be read