Checking NethServer's ISO Image File Integrity

This is an optional but recommended step.
In this guide, the terms message digest, hash, and checksum are used interchangeably (although some difference may exist).

When downloading and storing a file, data corruption can happen; verifying its integrity is a good practice to ensure you got an unmodified copy of the original file. File checksums are committed to this purpose.

In simple terms, a checksum or hash sum is like a signature or fingerprint that identifies digital data. A copy of a file getting the same computed checksum as the original indicates there is a very high probability the data has not been accidentally altered or corrupted1).

Checking NethServer's ISO image file takes almost no time and prevents further installation problems.

The following examples show different ways to check the integrity of a file.

Online file integrity checkers have the benefit of being multi-platform, installation-free, and easy to use.

There are multiple (free and paid) on-line services offering file integrity checks. Most of them make use of a web form to upload the file to their servers, where the file hash is computed and then shown to the user. Our advice is not to use them, due to privacy concerns (if uploading files with sensitive information), file size upload limits, and possible data upload corruption which defies its own purpose.

There are some on-line services that do the file verification on the client-side, without uploading the file to their servers. One of them is Toolsley Hash & Validate browser-based service, which can be used from GNU/Linux, OS X, Windows and other Operating Systems.



Graphical programs use to provide an intuitive way to accomplish specific tasks, thus making it suitable for most users.

Few Operating Systems integrate a graphical file checksum mechanism, therefore third-party tools might be installed to accomplish the task.

The next examples show how to use some file integrity checkers on different Operating Systems.

DownThemAll! Firefox web browser add-on (works on GNU/Linux, OS X, Windows)
DownThemAll! Firefox add-on is an Open Source download manager that integrates into Mozilla Firefox web browser. Its built-in checksum (hash verification) support allows you to download a file and verify its integrity in the same step, without leaving the web browser.

In short, the operation process has these steps:

  • Get the file checksum/hash from the original source
  • Choose the file to be downloaded (NethServer's ISO image)
  • Choose DownThemAll! as the download manager
  • Paste the checksum in the appropriate DownThemAll! text field
  • Start the download


Once the file has been downloaded, DownThemAll! will verify it against the hash provided previously. In case of a hash mismatch, a dialog will appear informing you of the failure and will give you the option to retry the download, keep the file, or delete the file.

DownThemAll! hash mismatch notification


MultiHasher (works on Windows)
MultiHasher is a freeware file hash calculator. It has an installable version and a portable one. MultiHasher can be integrated into Windows Explorer context menu.

You can also add the files and folders that you want to view their hashes by dragging them into the main window program, or by using the menus.

Its association with the most common file extensions used to distribute hashes makes it very simple to use. You just have to download NethServer's ISO image file and its computed file hash (i.e. MD5, SHA1…) on the same folder. Once the files are in place, opening the checksum file will bring up the MultiHasher program, that in turn will verify the integrity of the ISO image file against it.



GtkHash (works on GNU/Linux)
GtkHash is Free Software for computing message digests or checksums. It can be installed from the Software/Package Manager of most GNU/Linux distributions.

Its use is very simple:

  • Open GtkHash program
  • Select the file to be verified
  • Paste the checksum of the file
  • Press the [Hash] button

There are additional packages you can install to integrate GtkHash into multiple file managers like Nautilus, Nemo, and Thunar.



7-Zip (works on Windows)
Althought 7-Zip is a file archiver, it adds a CRC, SHA… context menu entry to ISO image files. This menu allows you to compute the hashes and visually compare them against the original ones. 7-Zip is Open Source software.

7-Zip context menu and hashing


Operating Systems like GNU/Linux and OS X have built-in command-line tools to compute and compare file checksums. Therefore, there is no need to install third-party tools.

To run any of the following commands in GNU/Linux or OS X, open a Terminal window, and navigate where the file is (or type the full file path).

When typing a command, you can use tab completion by pressing the [⭾ Tab] Key.
Partial text will be completed. If the typed text matches multiple options, they will be shown.

You can also type a command followed by a space, then drag and drop the file into the terminal window. This avoids the need to manually type the file path.

Getting and comparing MD5 checksums
In both, GNU/Linux and Mac OS X Operating Systems, you can use the openssl command to get the MD5 hash of a file:

openssl md5 path-to-file

Example:

openssl md5 nethserver-6.7-x86_64.iso

This command will output a computed file hash that can be manually compared against the original one:

MD5(nethserver-6.7-x86_64.iso) = 695ac8fe87b21501cc438abc411d8f02

On Mac OS X, you can also use the md5 command to get the same result:

md5 nethserver-6.7-x86_64.iso

On GNU/Linux, you can also get the MD5 file hash using the md5sum command,

md5sum nethserver-6.7-x86_64.iso
695ac8fe87b21501cc438abc411d8f02  nethserver-6.7-x86_64.iso

and if you have downloaded the original MD5 file hash to the same folder as NethServer's ISO image, you can use md5sum command to check its integrity:

md5sum -c path-to-file

or

md5sum --check path-to-file

Example:

md5sum --check nethserver-6.7-x86_64.iso.md5
nethserver-6.7-x86_64.iso: OK

Getting and comparing SHA1 checksums
In both, GNU/Linux and Mac OS X Operating Systems, you can use openssl or shasum command to get the SHA1 hash of a file:

openssl sha1 path-to-file
shasum path-to-file

openssl example:

openssl sha1 nethserver-6.7-x86_64.iso
SHA1(nethserver-6.7-x86_64.iso)= 1e4d822b92d391c2f5d93f33af8a034cdcf2cf7e

shasum example:

shasum nethserver-6.7-x86_64.iso
1e4d822b92d391c2f5d93f33af8a034cdcf2cf7e  nethserver-6.7-x86_64.iso

If you have downloaded the original SHA1 file hash to the same folder as NethServer's ISO image, you can check its integrity with the shasum command:

shasum -c path-to-file

or

shasum --check path-to-file

Example:

shasum --check nethserver-6.7-x86_64.iso.sha1
nethserver-6.7-x86_64.iso: OK

On GNU/Linux, you can also use the sha1sum command in place of shasum.

Getting and comparing hashes computed with other message digest algorithms
If you need to check the integrity of a file against a hash computed with other algorithms, you can do so with the appropriate command:

  • openssl supports a wide range of message digest algorithms. For further details, refer to its manual.
  • shasum defaults to SHA1 message digest algorithm, but the used algorithm can be explicitly set with the -a and --algorithm options. Refer to the shasum manual to get more information.
  • On GNU/Linux, there are specific commands for other algorithms, like the sha224sum, sha256sum, sha384sum, and sha512sum commands. Refer to your Operating System manual.

Alternative programs might exist on each Operating System.

1)
Security flaws where identified in MD5 and SHA-1 algorithms; they are still useful for error checking, where data tampering is not a primary concern, but the use of stronger hash functions would be desirable.