UbuntuHelp:HowToMD5SUM
来自Ubuntu中文
 |
点击翻译: |
English |
请不要直接编辑翻译本页,本页将定期与来源同步。 |
The program md5sum is designed to verify data integrity using the MD5 (Message-Digest algorithm 5) 128-bit cryptographic hash. MD5 hashes used properly can confirm both file integrity and authenticity. In terms of integrity, an MD5 hash comparison detects changes in files that would cause errors. The possibility of changes (errors) is proportional to the size of the file; the possibility of errors increase as the file becomes larger. It is a very good idea to run an MD5 hash comparison check when you have a file like an operating system install CD that has to be 100% correct. In terms of security, cryptographic hashes such as MD5 allow for authentication of data obtained from insecure mirrors. The MD5 hash must be signed or come from a secure source (an HTTPS page) of an organization you trust. See the MD5SUMS file for the release you're using under http://releases.ubuntu.com (and optionally the PGP signatures in the MD5SUMS.gpg file), or refer to the secure UbuntuHashes page for the official list of Ubuntu MD5 hashes. While security flaws in the MD5 algorithm have been uncovered, MD5 hashes are still useful when you trust the organization that produces them. Moving to more secure hashes like SHA-256 and Whirlpool is under discussion.
目录
md5sum
The official page containing MD5 hashes for Ubuntu, Kubuntu, Edubuntu and Xubuntu is UbuntuHashes. <<Anchor(linux)>>
MD5SUM on Linux
Most Linux distributions come with the md5sum utility so installation is usually unnecessary. We are going to use the Ubuntu 8.10 LiveCD for the following example:
Check the iso file
Manual method
First open a terminal and go to the correct directory to check a downloaded iso file:
cd download_directory
Then run the following command from within the download directory.
md5sum ubuntu-8.10-desktop-i386.iso
md5sum should then print out a single line after calculating the hash:
24ea1163ea6c9f5dae77de8c49ee7c03 ubuntu-8.10-desktop-i386.iso
Compare the hash (the alphanumeric string on left) that your machine calculated with the corresponding hash on the UbuntuHashes page. An easy way to do this is to open the UbuntuHashes page in your browser, then copy the hash your machine calculated from the terminal into the "Find" box in your browser (in Firefox you can open the "Find" box by pressing <Ctrl> <F>). When both hashes match exactly then the downloaded file is almost certainly intact. If the hashes do not match, then there was a problem with either the download or a problem with the server. You should download the file again from either the same mirror, or from a different mirror if you suspect a server error. If you continuously receive an erroneous file from a server, please be kind and notify the webmaster of that mirror so they can investigate the issue.
Semi-automatic method
Ubuntu distributes the MD5 hashes in a file called MD5SUMS near the bottom of the download page for your release http://releases.ubuntu.com. First download the MD5SUMS file to the same directory as the iso. Then run the following in a terminal.
cd download_directory md5sum -c MD5SUMS
md5sum will generate a bunch of warnings. Don't worry: the OK message will be buried somewhere within it!
md5sum: ubuntu-8.10-alternate-amd64.iso: No such file or directory ubuntu-8.10-alternate-amd64.iso: FAILED open or read md5sum: ubuntu-8.10-alternate-i386.iso: No such file or directory ubuntu-8.10-alternate-i386.iso: FAILED open or read md5sum: ubuntu-8.10-desktop-amd64.iso: No such file or directory ubuntu-8.10-desktop-amd64.iso: FAILED open or read ubuntu-8.10-desktop-i386.iso: OK md5sum: ubuntu-8.10-netbook-remix-i386.img: No such file or directory ubuntu-8.10-netbook-remix-i386.img: FAILED open or read md5sum: ubuntu-8.10-server-amd64.iso: No such file or directory ubuntu-8.10-server-amd64.iso: FAILED open or read md5sum: ubuntu-9.04-server-i386.iso: No such file or directory ubuntu-8.10-server-i386.iso: FAILED open or read md5sum: wubi.exe: No such file or directory wubi.exe: FAILED open or read md5sum: WARNING: 7 of 8 listed files could not be read
In this case the message we want is on the seventh line.
ubuntu-8.10-desktop-i386.iso: OK
Success?
Once you have verified the md5 hash, go ahead and burn the CD. You may want to refer to the BurningIsoHowto page.
Check the CD
So far so good, you have downloaded an iso and verified its integrity. When you boot from the CD you will be given the option to test its integrity. Great, but if the CD is corrupt then you have already wasted time rebooting. You can check the integrity of the CD without rebooting as follows.
Checking the CD directly
You would think you could simply use a command like this to get the MD5 hash of a burned image:
md5sum /dev/cdrom
However this almost always NOT be the same hash as the iso image that was burned to the disk, because this command includes the empty space at the end of the disk, which changes the hash. So you must check only the part of the disk that was on the iso.
Manual method
First we need to know the size of the iso image. You could open up your favorite graphical file manager such as Nautilus or Dolphin, but since you need to use the command line anyways, you might as well use ls.
ls -l ubuntu-8.10-desktop-i386.iso -rw-r--r-- 1 jsmith jsmith 732766208 2008-10-28 23:24 ubuntu-8.10-desktop-i386.iso
Now that we know the size of our iso image is 732766208, we can use dd to pipe only 732766208 bytes from our cdrom device into md5sum. Use a block size of 1 and set count to the size of the iso image. Note that this will probably take several minutes, so grab a snack and come back in a while.
dd if=/dev/cdrom bs=1 count=732766208 | md5sum 732766208+0 records in 732766208+0 records out 24ea1163ea6c9f5dae77de8c49ee7c03 - 732766208 bytes (733 MB) copied, 563.666 s, 1.3 MB/s
You could probably speed this up by using a larger block size (bs) and dividing count by the new block size. Since all iso images are multiples of 2048, that is an appropriate block size. Check the calculated hash (in this case 24ea1163ea6c9f5dae77de8c49ee7c03) against UbuntuHashes as shown for the iso file above. Depending on your system, you may need to change cdrom to cdrom0 (or even cdrom1 if you have two CD drives).
Automated Script
Here is a shell script that will check the md5 hash of a burned disk and compare it to the hash of an iso image. Copy and paste it into your favorite text editor and save it as eg. `hashcdrom.sh`.
#!/bin/sh #Compares the checksums of an iso9660 image and a burned disk. #This script is released into the public domain by it's author. if [ -n "$BASH" ]; then shopt -s expand_aliases fi if [ -n "$CHECKSUM" ]; then alias CHECKSUM="$CHECKSUM" elif which md5deep > /dev/zero; then alias CHECKSUM='md5deep -e' else alias CHECKSUM='md5sum' fi if [ -n "$2" ]; then DISKDEVICE="$2" else DISKDEVICE='/dev/cdrom' fi CSUM1=`CHECKSUM "$1" | grep --only-matching -m 1 '^[0-9a-f]*'` echo 'checksum for input image:' $CSUM1 SIZE=`stat -c '%s' "$1"`; BLOCKS=`expr $SIZE / 2048`; CSUM2=`dd if="$DISKDEVICE" bs=2048 count=$BLOCKS 2> /dev/zero | CHECKSUM | grep --only-matching -m 1 '^[0-9a-f]*'` echo 'checksum for output disk:' $CSUM2 if [ "$CSUM1" = "$CSUM2" ]; then echo 'verification successful!' else echo 'verification failed!' fi
Now open a terminal and type
sh /path/to/hashcdrom.sh /path/to/ubuntu-8.10-desktop-i386.iso /dev/mycdromdevice
Note that if your cdrom device is /dev/cdrom, you can omit that parameter. It should print out something like
checksum for input image: 24ea1163ea6c9f5dae77de8c49ee7c03 checksum for output disk: 24ea1163ea6c9f5dae77de8c49ee7c03 verification successful!
If you verified that the iso image is okay (above), than you need not check the hash against UbuntuHashes. This script has some nifty features. For example, if md5deep is installed (`sudo aptitude install md5deep`), it will use it to print out some progress information, such as how many bytes copied. You can also make it use different hashing algorithms such as sha256 and whirlpool by setting the CHECKSUM environment variable to the command you want to use to create the hash:
export CHECKSUM='whirlpooldeep -e' sh /path/to/hashcdrom.sh /path/to/ubuntu-8.10-desktop-i386.iso /dev/mycdromdevice
This shell script depends on certain features found only in GNU grep, so it probably will not work on systems that do not ship the GNU utilities.
Check the files on the CD
The MD5 hashes for every file on the CD are listed in a file called md5sum.txt. You can use this file to check the integrity of all the files on the CD.
cd /media/cdrom md5sum -c md5sum.txt | grep -v "OK$"
This will automatically check every file against the MD5 hashes stored in the file. (Again, you may need to change cdrom, depending on your system). Beware, it can take a long time so don't worry if your terminal seems to have hung; provided the CD drive is still accessing, it is probably still working. It should not output anything if it there were no errors, and an error message if a file failed the check. The `grep` command filters out all of the files that pass the check, because there are usually a lot of them.
Success?
Congratulations, you now have a verified Ubuntu CD. Go ahead and use it (or play frisbee with it if you want).
MD5SUM on Mac OS X
There are three methods of using md5sum on an OS X machine. Method 1 - The easiest (if MD5 is available) is using the Disk Utility program (Applications > Utilities, or by choosing "Utilities" from the Finder's "Go" menu). Open Disk Utility and wait for it to gather information about your disks. Go to the directory where you downloaded the Ubuntu disk image, and drag it to Disk Utility's dock icon (displays on the left-hand side of Disk Utility, underneath your physical drives). Select the iso file. Go to the "Images" menu and select Checksum > MD5. Be sure to choose "MD5" and NOT "MD5 image checksum" or "CRC-32 image checksum", as they are not the same and will give you different results. Method 2 - If MD5 is not available in the Images > Checksum menu, open a terminal window (Applications > Utilities > Terminal.app). Type "md5", type a space, drag the iso file into the terminal window (appends command with iso file path), and press Enter. The command line returns the hash number. Method 3 - You can use the Terminal.app and follow the instructions for [[UbuntuHelp:[linux|MD5SUM on Linux]]], except use the command "openssl md5" instead of "md5sum". Each method returns a hash number. Compare the hash number with the corresponding hash on the UbuntuHashes page. When both hashes match exactly, then the downloaded file is almost certainly intact. If the hashes do not match, then there was a problem with either the download or a problem with the server. You should download the file again from either the same mirror, or from a different mirror if you suspect a server error. If you continuously receive an erroneous file from a server, please notify the webmaster of that mirror so they can investigate the issue.
digest(1) on Solaris
Use the Solaris digest(1) command, specifying the md5 algorithm with the -a flag. For instance:
$ digest -a md5 ubuntu-8.10-desktop-i386.iso 24ea1163ea6c9f5dae77de8c49ee7c03
MD5SUM on Windows
Windows does not come with md5sum. You must download one from another location, preferably one that you trust. There are command line utilities (md5sum.exe) that work similarly to the Unix utility; one public domain version with source is available from Fourmilab, but the version available from Cygwin is probably easier to install and update, and Cygwin is also recommended and trusted as the source for many more Unixy utilities. Once installed, Cygwin's md5sum behaves exactly as described in MD5SUM on Linux above.
There are also graphical tools such as the one used in the walk-through provided below.
- Download and install winMD5Sum, a free and open source hash verification program.
- Right-click the ISO file.
- Click Send To, then `winMD5Sum`.
- Wait for `winMD5Sum` to load and finish the checksum (this may take a significant amount of time depending on your computer's performance).
- Copy the corresponding hash from UbuntuHashes into the bottom text box.
- Click "Compare"
- A message box will say "MD5 Check Sums are the same" if the hashes are equal.
MD5SUM on CD
To see if your Ubuntu CD was corrupted when burned to the disk, see the CDIntegrityCheck page, or follow the instructions below. First mount the CD, if not already mounted:
sudo mount /dev/hda /cdrom
Then use the supplied md5sum file on the CD:
cd /cdrom md5sum -c md5sum.txt | grep -vi 'OK$'
Be patient, it takes some time. If the command outputs any errors, you'll know that either the burn was bad or the .iso is corrupt. Please note that this method does not verify authenticity unless the hash of the iso file is compared to the hash at the secure UbuntuHashes page. Finally, you can unmount the CD after leaving the folder:
cd / sudo umount /dev/hda
