Skip to content

Instantly share code, notes, and snippets.

@thanoskoutr

thanoskoutr/check-sha256sum-release.md

Created July 3, 2023 15:34
Show Gist options
  • Save thanoskoutr/12afbd6b87d8c0126f344cfae75769e3 to your computer and use it in GitHub Desktop.
Save thanoskoutr/12afbd6b87d8c0126f344cfae75769e3 to your computer and use it in GitHub Desktop.
Download ZIP
Compare the sha256sum of a Release from GitHub
Raw
check-sha256sum-release.md

About

When we download a release from any project on GitHub we need to verify the integrity of the downloaded artifact. That is way most project come with their SHA256 checksums file, that we can download and compare with the calculated SHA256 checksum of the downloaded artifact.

For example, to download the latest version (3.1.1) of openssl for a Linux 64-bit system and verify its integrity with the SHA256 checksum:

$ curl -OL "https://github.com/openssl/openssl/releases/download/openssl-3.1.1/openssl-3.1.1.tar.gz"
$ curl -OL "https://github.com/openssl/openssl/releases/download/openssl-3.1.1/openssl-3.1.1.tar.gz.sha256"
$ echo "$(cat openssl-3.1.1.tar.gz.sha256)" "openssl-3.1.1.tar.gz" | sha256sum --check

Dependencies

  • curl
  • sha256sum
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment