[vox-tech] Debian Net Install Question
Richard Harke
rharke at earthlink.net
Thu Jan 6 13:14:25 PST 2005
On Thursday 06 January 2005 11:48, Ken Bloom wrote:
> On Thu, 6 Jan 2005 10:53:05 -0800
>
> "Robert G. Scofield" <rscofield at afes.com> wrote:
> > Thanks for your help. I'm saving all these posts to put in my Linux
> > binder.
> >
> > But here's a question. What is the meaning of the message
> > "sarge-i386-netinst.iso: OK" when I run "md5sum sarge-i386-netinst.iso
> >
> > | mdsum -c", "sarge-i386-netinst.iso: OK"?
>
> Assuming you mean md5sum -c, it means that nobody edited
> sarge-i386-netinst.iso betweent he first check (run by md5sum) and the
> second check (run by md5sum -c)
>
> the -c option means it should take a list of files and md5sums which are
> the output of a previous md5sum command and use that to check the
> appropriately named files in the current directory.
You should download the file with the checksum, not just note the checksum.
Use the checksum file as input to md5sum with the -c option
for example:
md5sum glarbfile.iso >checksumfile
creates the checksum file
md5sum -c checksumfile
verifies it. You don't need to type the name of the file you're testing as it
is in the checksum file.
But beware -- my version of md5sum does not give an OK when the checksum
matches; it only complains if it is wrong (Unix style minimal output)
The checksum file contains the file name and the checksum as well as a flag
for binary or text. I have found that different versions of md5sum may put
these in the file in different orders. i.e., The downloaded checksum file may
not work with your version md5sum. In this case you can tweak the file
with your favourite text editor (or fall back to eyeballing it.)
A lot of files now are also signed cryptographically which is much stronger
well, not stronger as far as bit errors during download but much stronger
against crackers. It does require you to get the signers public key
somehow.
Richard Harke
More information about the vox-tech
mailing list