Why verify your downloads?
While in most cases, downloads are free from corruption and tampering, you may wish to verify the integrity of your download to ensure you are getting a clean copy of Ubuntu MATE exactly how the developers intended.
Verifying downloads are particularly important when downloading directly from a server. BitTorrent is secure too as it checks pieces as it downloads.
Check the SHA256 Hash (quick)
On Ubuntu MATE
On current Ubuntu MATE versions (18.04 LTS and newer),
caja-gtkhash is pre-installed
and allows you to perform checksums from within the file browser.
- Navigate to the file in the Caja file manager.
- Open the file’s properties.
- Either via the menu bar: File → Properties
- Or right click the file → Properties.
- Choose Digests tab
Copy the SHA256SUM checksum from the download page and paste into Check field
Note: To make calculation faster, it’s only necessary to check the checksums you have values for.
On GNU/Linux distributions: GtkHash (GUI)
This method uses an application called GtkHash. This can be installed via your distribution’s software manager.
- Launch GtkHash
- Select ISO in File chooser
- Copy the SHA256SUM checksum from the download page and paste into Check field
- Click Hash
Ensure you have green checkmark near one of the calculated checksums
On GNU/Linux distributions: Command Line
A majority of other distributions come with
Open the folder containing the download in the terminal.
sha256sumfollowed by the file name of the image.
Compare the hash with the one provided on the Download page.
Checksum utilities are available on the web, such as:
On Mac OS X
sha256 is pre-installed with most versions of OS X.
shasum -a 256 ubuntu-mate-15.10-desktop-amd64.iso
Graphical utilities are also available:
Check using Repository GPG Keys (secure)
This method verifies the hashes published by Canonical are actually authentic. Unlike performing a quick checksum, the SHA256SUMS file is signed and only Ubuntu’s key can unlock the file to reveal the checksums exactly as Ubuntu published them.
Download a copy of the
SHA256SUMS.gpgfiles from Canonical’s CD Images server for that particular version.
Install the Ubuntu Keyring. This may already be present on your system.
sudo apt-get install ubuntu-keyring
Verify the keyring.
gpgv --keyring=/usr/share/keyrings/ubuntu-archive-keyring.gpg SHA256SUMS.gpg SHA256SUMS
Verify the checksum of the downloaded image.
grep ubuntu-mate-18.04-desktop-amd64.iso SHA256SUMS | sha256sum --check
If you see “OK”, the image is in good condition.