How to Verify Archive Integrity in Ubuntu Linux
This article provides a straightforward guide on verifying the integrity of compressed archives within the Ubuntu operating system. It details the process of using checksums to confirm file authenticity and demonstrates command-line utilities to test archive health before extraction.
Using Checksums to Verify Files
The most reliable method to ensure an archive has not been corrupted
or tampered with is comparing its checksum against a provided value.
Ubuntu includes tools like md5sum and
sha256sum by default.
To generate a checksum for a file, open the terminal and navigate to the directory containing the archive. Run the following command for SHA256, which is more secure than MD5:
sha256sum filename.tar.gz
Compare the resulting hash string with the one provided by the source where you downloaded the file. If the strings match exactly, the file integrity is confirmed. If you have a separate checksum file, you can verify automatically using:
sha256sum -c filename.tar.gz.sha256
Testing Archive Health Directly
You can also test the internal structure of the archive without extracting it. This checks for data corruption within the compressed container.
For .tar.gz or .tar.bz2 files, use
the tar command with the test flag. This lists the contents
and checks for errors:
tar -tf filename.tar.gz
If the command returns a list of files without error messages, the archive structure is intact. For a more rigorous test that reads compressed data, use:
gzip -t filename.tar.gz
For .zip files, use the zip utility
with the test flag:
zip -T filename.zip
A successful test will return “OK” for each file inside the archive. If any errors appear, the archive is corrupted and should not be extracted.
Handling Verification Errors
If checksums do not match or archive tests fail, do not use the file. Corrupted archives can lead to data loss or security risks. Delete the invalid file and re-download it from the original source, ensuring the download process completes without interruption.