We use MD5deep, because it has a recursive option which we discuss in this article.
For now, though, we are just going to cover how to verify the MD5 checksum on a file.
Grab the MD5 checksum from a site authoritative for your software package, and grab the software from a mirror site.
Of course, you can make an MD5 checksum for any file, so grabbing the MD5 checksum from the same site that you grab your software from doesn’t do much good.
Here is how to verify the checksum.
We are using Tomcat as an example:
u-1@srv-1 u-1 $ md5 -v md5deep version 0.16 by Jesse Kornblum. u-1@srv-1 u-1 $ u-1@srv-1 u-1 $ md5 jakarta-tomcat-5.0.27.tar.gz b802ee042677e284bcf65738c7bdc3b6 /home/u-1/jakarta-tomcat-5.0.27.tar.gz u-1@srv-1 u-1 $ cat jakarta-tomcat-5.0.27.tar.gz.md5 b802ee042677e284bcf65738c7bdc3b6 u-1@srv-1 u-1 $ |
They look the same.
Let’s use cut to compare the sums:
u-1@srv-1 u-1 $ md5 jakarta-tomcat-5.0.27.tar.gz | cut -d " " -f 1 > o u-1@srv-1 u-1 $ diff o jakarta-tomcat-5.0.27.tar.gz.md5 u-1@srv-1 u-1 $ |
If we use cut on the / character, we will get a couple extra spaces at the end.
This will verify our test somewhat:
u-1@srv-1 u-1 $ md5 jakarta-tomcat-5.0.27.tar.gz | cut -d / -f 1 > o u-1@srv-1 u-1 $ diff o jakarta-tomcat-5.0.27.tar.gz.md5 1c1 < b802ee042677e284bcf65738c7bdc3b6 --- > b802ee042677e284bcf65738c7bdc3b6 u-1@srv-1 u-1 $ |
