Checksum

[trainstroker]

I'm on an osx machine and have some questions. when I try to do openssl dgst -sha1 Fedora... .iso i get a different sha1 hash than is in the CHECKSUM file. Could someone please explain what's going on? also, i forced a recheck twice in my torrent client and it seems to be ok.

[madhavdiwan]

which fedora disk? and which checksum file?

if you provide URL links i can verify it myself and let you know if there is really a problem

[trainstroker]

fedora 12 i386 DVD torrent. When I downloaded it, the torrent had a CHECKSUM file with SHA1 and a PGP for the files... i think im just doing it wrong and i want to learn what is up.

---------- Post added at 07:40 AM CST ---------- Previous post was at 07:25 AM CST ----------

ok so what was labeled as sha1 in the CHECKSUM file is sha256... i used openssl dgst -sha256 Fedora...iso and it worked and matched...

[markkuk]

The label is part of the GPG signature wrapper, it doesn't refer to the checksum included in the file.

[madhavdiwan]

looks OK to me ,

usually the Sha file has more than one checksum listed in it .. there is one specifically for the dvd at the bottom of the list .. are you certain you are comparing against the correct sum?

[trainstroker]

see above post^^

[smr54]

Just to clarify--you're seeing something like

SHA1SUM

then a bunch of checksums for various isos.

It's confusing--those checksums are actually sha256 sums.

As trainstroker points out, that big SHA1 refers to the GPG sig. It does NOT refer to the checksums.

I think they were planning to get that fixed by the F13 release. Folks, who I assume work with them more than I do tell me it's really easy to tell by the length of the checksum, but to me, it's just a long string, whether it's 50 something or 70 something characters.

It is mentioned in the documentation (if you go to the download page, you'll see a link about verifying), but don't worry--even the nice folks at distrowatch were confused by the layout.