48

On Ubuntu 14.04, sha256sum from coreutils works as I expected:

echo 879dd0d7637876be4796f7e6f194a111d21088be85cfe717fc97e2e7f05e79d2 /tmp/myfile | sha256sum -c
/tmp/myfile: OK

However, the exact same command with the exact same file on Debian Wheezy fails:

sha256sum: standard input: no properly formatted SHA256 checksum lines found

I don't understand this. How can I verify the checksum reliably in a shell script on Debian?

On Ubuntu 14.04:

⟫ sha256sum --version
sha256sum (GNU coreutils) 8.21

On Wheezy:

$ sha256sum --version
sha256sum (GNU coreutils) 8.13

manpages on both OSs say:

SYNOPSIS
       sha256sum [OPTION]... [FILE]...

DESCRIPTION
       Print or check SHA256 (256-bit) checksums.  With no FILE,
       or when FILE is -, read standard input.

[...]

       -c, --check
              read SHA256 sums from the FILEs and check them
Improve this question

1 Answer 1

Reset to default
58

It cares about the spacing. If you run:

sha256sum /dev/null

you get

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  /dev/null

(two spaces). When you use echo like that, there's only one space between the words.

Version 8.13 wants the exact format its output is in. If you use:

echo "$SUM  $FILE" | sha256sum -c

(again, two spaces) it should work. Newer versions don't care about how many spaces there are, so it will work with them too.

Improve this answer
3
  • 22
    Added trivia: The second space character has in fact a meaning. It denotes that the checksum has been calculated in text mode. In contrast, a * in front of the filename denotes binary mode. Compare the output of sha256sum -t /dev/null (text mode, the default) with sha256sum -b /dev/null (binary mode). This doesn't make a difference on Unix/Linux, apparently, but it could on Windows. Commented Jun 30, 2014 at 14:47
  • 2
    am I the only one who thinks this syntax is not as helpful as it could be? Why is it not sha256sum <file> -c <sum> or some other flag since -c is already in use. In any case, thanks for this, it solved my problem as well. Commented Feb 28, 2021 at 19:35
  • 1
    @nycynik -c reads a whole file (from standard input here) of checksums for any number of hashed files, so that you can verify a whole directory of files at once, so taking a single sum isn't a replacement. A single-file verification mode would be nice sometimes too though, it just isn't present currently (perhaps because you can already do this in those cases). Commented Feb 28, 2021 at 19:55

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.