Process Substitution and SHA256 Checksum

Hey everyone!

When you verify the SHA256 checksum of a downloaded file you can copy the checksum from the website, paste it into an editor, run the shasum -a 256 command, paste the checksum into that same editor and compare them by eye.

Or, use the diff command and process substitution to do it, and never have to trust your eyeballs again (you should still keep them open while driving though).

I put together this video to show how easy it is to do this. Enjoy!

Thanks for reading!

–jsp

 

Quickly Diff Two Strings in Bash Shell

Hey everyone!

UPDATE: Check out this video at Makoto TV:

I am working on a Raspberry Pi 3 project (my first, I’m embarrassed to say :-p) and downloaded NOOBS OS installer to install Raspbian on my new Pi.

Even though I torrented the ZIP file, I still wanted to check the SHA256 checksum of the download. I’m careful that way.

Here’s what I want to do: compute the SHA256 hash of the NOOBS Zip file and compare that to the checksum from the website:

Screenshot 2017-08-25 09.56.05

Drop out to a command window. Enter this command (I don’t want the file name, so I run it through sed after the shamus command):

shasum -a 256 ./NOOBS_v2_4_3.zip | sed 's/^\(.[a-f0-9]*\) .*$/\1/'

Which returned:

94790b8d87086d46d16413bd1967e3f5eb709cb5e124d8213d40e5707da18437

Now, copy the line from the Terminal window, open a text editor, paste it in. Hit enter to get a new line in the editor, copy the SHA-256 hash from the NOOBS download page, and paste that in below it:

Screenshot 2017-08-25 10.09.00

By eye, I can easily see these match, but I thought, “Sheesh, what a lot of work! There has to be a better way!” Spoiler alert: there is!

I found this post at StackOverflow, which linked to this post about process substitution.

So through a single command, I can compute the SHA-256 hash of the downloaded ZIP file, and compare that to the checksum from the NOOBS downloads page (okay, okay, I still have to manually copy the checksum from the downloads page and paste it into the command line after the echo):

diff <(shasum -a 256 ./NOOBS_v2_4_3.zip | sed 's/^\(.[a-f0-9]*\) .*$/\1/') \
<(echo 94790b8d87086d46d16413bd1967e3f5eb709cb5e124d8213d40e5707da18437)

Note: I’m using “\” to indicate the line is too long for WordPress to display, but the command works just fine with the backslash in there. Here’s a screenshot in case you need further convincing (I ran it twice, once with and once without the backslash):

Screenshot 2017-08-25 10.39.55

Voila! When the command line comes back with no output (as diff does when there are no differences between “files”), I know the checksum is good!

So, to sum up, the basic format for this command (assumes you’re checking an SHA-256 hash) is:

diff <(shasum -a 256 /path/to/file/FILE_TO_CHECK | \
sed 's/^\(.[a-f0-9]*\) .*$/\1/') <(echo CHECKSUM_FROM_WEBSITE)

Hope you enjoyed this tip. Thanks for reading!

Now if you’ll excuse me, I have a Raspberry Pi 3 project to get to!

–jsp