How to check the checksum through commandline?

echo "19asdasdasd56462e44d61a093ea57e964cf0af05c0e  httpd-2.4.7.tar.bz2" \
  | shasum -c

I use the exit code of the previous/last command:

If the checksum is valid the exit code of the last executed command is 0:

> echo "${PROMETHEUS_CHECKSUM} prometheus-${PROMETHEUS_VERSION}.linux-arm64.tar.gz" | sha256sum -c
> echo $?                                                                                         
0

If the checksum is not correct, then the exit code is different than 0:

> export PROMETHEUS_CHECKSUM='some garbage'
> echo "${PROMETHEUS_CHECKSUM} prometheus-${PROMETHEUS_VERSION}.linux-arm64.tar.gz" | sha256sum -c
prometheus-2.0.0.linux-arm64.tar.gz: FAILED
sha256sum: WARNING: 1 computed checksum did NOT match
> echo $?                                                                                         
1

And here is the whole example with an if statement:

#!/bin/bash

...

echo "${PROMETHEUS_CHECKSUM} prometheus-${PROMETHEUS_VERSION}.linux-arm64.tar.gz" | sha256sum -c

if [ $? != 0 ]; then
  echo 'Prometheus checksum is not valid'
  exit 1
fi

Simply using grep seems to be the best approach:

> shasum httpd-2.4.7.tar.bz2 | grep 19ed9ee56462e44d61a093ea57e964cf0af05c0e

The checksum will be highlighted when it is correct:

Command execution snapshot

And when checksum is incorrect, nothing shows.

Also:

  • Check $? in bash scripting. grep exits with code 0 while something is found, and code 1 while nothing found.
  • If you are given an upper-case checksum, use grep -i <CHECKSUM>.
  • This approach is typically used in situations when you can ensure that checksum doesn't exist in the file name, like, curl -o or wget -O then check.

shasum httpd-2.4.7.tar.bz2 |
  awk '$1=="19asdasdasd56462e44d61a093ea57e964cf0af05c0e"{print"good to go"}'

So normally you get this output from shasum

19asdasdasd56462e44d61a093ea57e964cf0af05c0e *httpd-2.4.7.tar.bz2

What my command does it is takes the first field $1, and compares it against your string. If the strings match, then awk prints "good to go".

Note that for anything other than sha-1, you need to specify your algorithm. For example, for sha 256, you can do:

shasum -a256 httpd-2.4.7.tar.bz2

The -a flag specifies the algorithm.