Ubuntu

Ambiguous result from sha256sum checking of Xubuntu 16.04 LTS ISO file

Asked by Alberto

Hello Techies,
I'm writing to You from a Live session of Xubuntu 14.04 LTS.

I'm trying and sha256sum checking the final release image of Xubuntu 16.04 LTS (32 bit)
I downloaded from the France mirror according to http://xubuntu.org/getxubuntu/.

The hash generated by sha256sum matches with the one given by the mirror.

More, I read the manual for sha256sum and tried to type to terminal:

sha256sum -c --strict xubuntu-16.04-desktop-i386.iso

The result is as follows:

sha256sum: 101 restricted/binary-i386/Release: No such file or directory
     101 restricted/binary-i386/Release: FAILED open or read
sha256sum: 1605 restricted/binary-i386/Packages.gz: No such file or directory
    1605 restricted/binary-i386/Packages.gz: FAILED open or read
sha256sum: 3694 restricted/binary-i386/Packages: No such file or directory
    3694 restricted/binary-i386/Packages: FAILED open or read
sha256sum: 99 universe/binary-i386/Release: No such file or directory
      99 universe/binary-i386/Release: FAILED open or read
sha256sum: 40 universe/binary-i386/Packages.gz: No such file or directory
      40 universe/binary-i386/Packages.gz: FAILED open or read
sha256sum: 0 universe/binary-i386/Packages: No such file or directory
       0 universe/binary-i386/Packages: FAILED open or read
sha256sum: 101 multiverse/binary-i386/Release: No such file or directory
     101 multiverse/binary-i386/Release: FAILED open or read
sha256sum: 40 multiverse/binary-i386/Packages.gz: No such file or directory
      40 multiverse/binary-i386/Packages.gz: FAILED open or read
sha256sum: 0 multiverse/binary-i386/Packages: No such file or directory
       0 multiverse/binary-i386/Packages: FAILED open or read
sha256sum: 95 main/binary-i386/Release: No such file or directory
      95 main/binary-i386/Release: FAILED open or read
sha256sum: 6931 main/binary-i386/Packages.gz: No such file or directory
    6931 main/binary-i386/Packages.gz: FAILED open or read
sha256sum: 18161 main/binary-i386/Packages: No such file or directory
   18161 main/binary-i386/Packages: FAILED open or read
sha256sum: WARNING: 4504774 lines are improperly formatted
sha256sum: WARNING: 12 listed files could not be read

I'm worried about it and I wonder whether I made a mistake adding the options "-c" and "-strict" to the sha256sum command.
On the one hand the hashes match and on the other hand I read "FAILED", "No such file or directory", WARNING etc.

I followed the same procedure with the same ISO file from the German mirror and I got the same ambiguous result.

What do you think? Some suggestions?
Many thanks, Alberto

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Solved by:
Manfred Hampl
Solved:
Last query:
Last reply:

This question was reopened

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#1

Where did you download the file to ?
Is your pwd in the same folder as the file you downloaded?

Revision history for this message
Alberto (alby-the-baldy) said : 		#2

Hello Andrew,
I downloaded the file to an external HDD.
I had planned to burn the ISO file to a DVD to have a Live session and to start from to instal 16.04 to the hard disk.

If by pwd you intend hash, yes, ISO file and a txt I created to write the hashes in are in the same folder.

|
|_ FOLDER
          |_Download from France mirror (ISO file, hashes.txt)
          |
          |_Download from German mirror (ISO file, hashes.txt)

But...
After your answer I tried and cut both hashes.txt to a pen drive in order to put some distance (!) between hashe.txt and ISO file and I unplugged the pen. (Feeling silly)
Then I performed a new sha256sum but the result was as follows:

xubuntu@xubuntu:/media/xubuntu/476 GiB Volume/Xubuntu-16-04-LTS/Xubuntu-16-04-LTS-from-France-mirror$ sha256sum -c --strict xubuntu-16.04-desktop-i386.iso
sha256sum: 101 restricted/binary-i386/Release: No such file or directory
     101 restricted/binary-i386/Release: FAILED open or read
sha256sum: 1605 restricted/binary-i386/Packages.gz: No such file or directory
    1605 restricted/binary-i386/Packages.gz: FAILED open or read
sha256sum: 3694 restricted/binary-i386/Packages: No such file or directory
    3694 restricted/binary-i386/Packages: FAILED open or read
sha256sum: 99 universe/binary-i386/Release: No such file or directory
      99 universe/binary-i386/Release: FAILED open or read
sha256sum: 40 universe/binary-i386/Packages.gz: No such file or directory
      40 universe/binary-i386/Packages.gz: FAILED open or read
sha256sum: 0 universe/binary-i386/Packages: No such file or directory
       0 universe/binary-i386/Packages: FAILED open or read
sha256sum: 101 multiverse/binary-i386/Release: No such file or directory
     101 multiverse/binary-i386/Release: FAILED open or read
sha256sum: 40 multiverse/binary-i386/Packages.gz: No such file or directory
      40 multiverse/binary-i386/Packages.gz: FAILED open or read
sha256sum: 0 multiverse/binary-i386/Packages: No such file or directory
       0 multiverse/binary-i386/Packages: FAILED open or read
sha256sum: 95 main/binary-i386/Release: No such file or directory
      95 main/binary-i386/Release: FAILED open or read
sha256sum: 6931 main/binary-i386/Packages.gz: No such file or directory
    6931 main/binary-i386/Packages.gz: FAILED open or read
sha256sum: 18161 main/binary-i386/Packages: No such file or directory
   18161 main/binary-i386/Packages: FAILED open or read
sha256sum: WARNING: 4504774 lines are improperly formatted
sha256sum: WARNING: 12 listed files could not be read

Quite the same, to me...
Thanks
Regards, Alberto

Revision history for this message
Alberto (alby-the-baldy) said : 		#3

Hello Andrew,
I re-installed Xubuntu 14.04 LTS, updated and tried to perform a new sha256sum to the ISO file. Hashes are in my unplugged pen drive. The result does not change...

Revision history for this message
Alberto (alby-the-baldy) said : 		#4

Hello Andrew, hello Techies,
eventually I found a way to check the integrity of the ISO file.
It seems obvious in retrospect...
I burnt it to a DVD, then I booted the machine from it in order to start a Live session.
At the very beginning of the start procedure I pressed F1 and selected "Check disc for defects" in the external menu.
This took some minutes and the result was that no errors had been found.

I didn't find any explanation about the errors I got running: sha256sum [file] -c --strict
and about why the hashes actually match. It's probably matter for developers.
But I feel happy I found a way to keep on with my installation.

Revision history for this message
Alberto (alby-the-baldy) said : 		#5

To me there are two possible explanations:

1. sha256sum -c --strict [ISO] is NOT a proper procedure, as the result is full of errors,

2. my sha256sum command is corrupted and doesn't work properly. So I can't check the ISO.

What do you think?

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#6

md5sum filename.iso

Copy the generated hash and paste it into a websearch. If you get hits then you are good.

Revision history for this message
Alberto (alby-the-baldy) said : 		#7

Hello Andrew!
Well, I downloaded the hashes from the same Xubuntu site I downloaded the ISO.
The hashes match, of course.
Nevertheless if I add -c --strict options I get similar result I get adding the same options to sha256sum.

I didn't use md5sum so far because "man md5sum" says:

[...]BUGS
 The MD5 algorithm should not be used any more for security related purposes. Instead, better use an SHA-2 algorithm, implemented in the programs sha224sum(1), sha256sum(1), sha384sum(1), sha512sum(1) [...]

That's why I preferred using sha256sum.
And what I'd like to understand from some of you Techie is if preferring sha256sum and adding the above mentioned options is correct or not. If it's not I go back to simple md5sum command.
I feel concerned because my installation seems to have some weird problems, according to questions 293996 and especially 294103.

Many thaks for your attention.

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#8

cd ~/Downloads
wget http://releases.ubuntu.com/xenial/MD5SUMS
md5sum -c MD5SUMS | grep OK

Easy peasy. No output equals bad file.

Revision history for this message
Alberto (alby-the-baldy) said : 		#9

I need you to be a bit more vorbose :-)
Can you please explain step by step what I'm suggested to do?
Thanks by a newbie

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#10

I assumed the ISO is in your downloads folder.
Run each line one at a time, in a terminal.

Revision history for this message
Alberto (alby-the-baldy) said : 		#11

I did it.
The result is:

alberto@jalopy:~/Downloads$ md5sum -c MD5SUMS | grep OK
md5sum: ubuntu-16.04-desktop-amd64.iso: No such file or directory
md5sum: ubuntu-16.04-desktop-i386.iso: No such file or directory
md5sum: ubuntu-16.04-server-amd64.img: No such file or directory
md5sum: ubuntu-16.04-server-amd64.iso: No such file or directory
md5sum: ubuntu-16.04-server-i386.img: No such file or directory
md5sum: ubuntu-16.04-server-i386.iso: No such file or directory
md5sum: WARNING: 6 listed files could not be read

Ehm, so?

Revision history for this message
Alberto (alby-the-baldy) said : 		#12

Well, I run Xubuntu, not Ubuntu...

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#13

Then the file is not in the folder. Move the file to the Downloads folder and rerun

Revision history for this message
Alberto (alby-the-baldy) said : 		#14

The file is in the folder, actually.
But I downloaded Ubuntu hashes, when my ISO is Xubuntu.
I followed the procedure you told me but for Xubuntu and the result (for xubuntu-16.04-desktop-i386.iso) is:
ok.

And I'm glad, even because I learned something new. Command line use is intriguing...

So: do you think --strict option is not proper, just a weird idea of a newbie? Do you think I can avoid adding it?
Thanks

Revision history for this message
Alberto (alby-the-baldy) said : 		#15

Or:

do you think it has sense running:

md5sum --strict MD5SUMS | grep OK

?

Revision history for this message
Best Manfred Hampl (m-hampl) said : 		#16

In my opinion there is some kind of misunderstanding.

The command
sha256sum -c --strict xubuntu-16.04-desktop-i386.iso
is wrong. You should provide the checksum file after the -c option, not the .iso file.

I want to suggest a different method for verifying that the .iso file is ok:
Follow https://help.ubuntu.com/community/VerifyIsoHowto
The SHA256SUMS and SHA256SUMS.gpg files are available on http://cdimage.ubuntu.com/xubuntu/releases/16.04/release/

Your last comment/question

do you think it has sense running:
md5sum --strict MD5SUMS | grep OK
?

makes sense; you could even better do

sha256sum --strict sha256SUMS | grep OK

to verify that your .iso file is genuine (which I am quite sure).

Revision history for this message
Alberto (alby-the-baldy) said : 		#17

Hello Manfred,
I agree, there's been some misunderstanding.
What I wanted to know is whether the command I typed is wrong or right.
Now I know I wrote a wrong command, I made a syntax error... This is exactly what I wanted to know.
I'm going to study the "Verify Iso How to" link, at first sight it looks interesting.

Your answer solved my problem!
Many many thanks

P.S. Thanks to Andrew, too...

Revision history for this message
Alberto (alby-the-baldy) said : 		#18

Thanks Manfred Hampl, that solved my question.