Verifying Downloads
Verify for Corruption
A checksum is a string of letters and numbers that is unique to a file, like a fingerprint. Checksums are generated by different algorithms, with the two most popular being Secure Hash Algorithms (SHAs) and the MD5 algorithm. Ubuntu MATE provides the SHA256 checksum on its download page.
Verifying a download involves checking the checksum of the file you downloaded versus the checksum provided on the download web site. Mismatching checksums can indicate a corrupted or otherwise compromised file, so verifying your downloads is a good habit to adopt!
As an alternate, you can check your downloaded is trustworthy, by verifying the digital signature of the file instead.
Windows
This method uses a third-party application named MD5 & SHA Checksum Utility.
- Download MD5 & SHA Checksum Utility
- Launch the application MD5_and_SHA_Checksum_Utility.exe
-
Click on the Browse button and browse to the Ubuntu MATE ISO file.
Note: To make calculation faster, it’s only necessary to check the checksums you have values for.
macOS
On macOS, you can verify checksums easily and manually in the command line, as
shasum
comes preinstalled.
- Open a Terminal window and a Finder window containing the ISO.
-
Type
shasum -a 256
and drag the ISO’s file icon into Terminal. - Press Enter to begin the process. This may take a few moments.
-
Compare the SHA256 checksum printed to the command line to the checksum on the image’s download page.
GNU/Linux
GtkHash
This application can be installed via your distribution’s software manager, if it is not already installed.
- Launch
gtkhash
- In the File dropdown menu, select the ISO you wish to check
- On the page where you downloaded the ISO, copy the SHA256 checksum and paste into the Check field
-
Click Hash - a green checkmark means the image is verified
Command Line
On every distribution, you have command line tools for verifying checksums.
In this case, we’re interested in the sha256sum
tool.
- First, switch to the directory where the ISO is stored
- Enter
sha256sum ubuntu-mate-XX.XX-version.iso
, substituting the name of the specific ISO you downloaded. - Compare the SHA256 checksum printed to the command line to the checksum on the download page.
Ubuntu MATE
On current Ubuntu MATE versions (18.04 LTS and newer), caja-gtkhash
is
pre-installed and allows you to perform checksums from within the file browser.
- Navigate to the file in the Caja file manager.
- Right click the file and choose Properties.
- Open the Digests tab.
-
Copy the SHA256SUM checksum from the download page and paste into Check field. The green check mark means the download is verified.