I always wondered why we couldn’t just use a simple bash command line to verify that the downloaded packages have be corrupted or not. Under Debian and thus Ubuntu and other derivatives, the md5sum tool has to be installed and used for that purpose. If your system doesn’t have md5sum (used in the example here) or another MD5 hash checking tool, then you will need to install one. There are a lot number in the web that you will find by searching for md5sum.
First open a terminal and go to the correct directory to check a downloaded .iso file:
$ cd /<path.to.directory>
Then run the following commands from within the download directory:
Highlight & copy the whole name of the .iso file & paste it after the following command & hit the Enter key:
$ md5sum <name.iso>
md5sum should then print out a single line after calculating the hash, for example:
$ 8044d756b7f00b695ab8dce07dce43e5 <name>.iso
Compare the hash (the alphanumeric string on left) that your machine calculated with the corresponding hash from the download page of the .iso . If they match your download is not corrupt. If they don’t match you need to download the .iso again.
Save the previous printed line in a single text file and then check with
md5sum -c <filename.iso.md5> command.
Entering the following in a console within a folder containing a correctly formed *.md5 and one ISO file will verify that the md5sum of the *.iso or other file, is the same as that specified in the *.md5 file:
$ md5sum -c <filename.iso.md5>
An example for the manjaro-xfce-0.8.8-i686.iso using manjaro-xfce-0.8.8-i686.iso.md5 file which should contain the following:
To checksums sha256 use sha256sum command:
Place the file containing the checksums in the same directory as your ISO file downloads, and then run in a terminal:
$ sha256sum --check $CHECKSUM-FILE
Make sure to pass the name of the *.sha256sum.txt file, and not the ISO file!