How to verify iso/xz file before IPfire install?

Download page for IPfire has links to iso and xz files but there is no information about file with checksum, that was MD5 or SHA1 and then SHA256 in the past. It looks like there is no way to verify that downloaded file was not damaged.

It was not easy but I have found a mirror with those files and even some bonuses.

Directory at mirror even has torrent file! What a pity that torrent link is not published on release page…

I was looking for file with some checksum, like MD5, SHA1, SHA256 and there is such [ link removed - not an official channel for IPFire downloads] but I have no idea what kind of checksum it is and how to use it.

$ curl
0d44e5332095930bbaf1698596073095b586807a2ba7c60b9f0cf3b2ae5524592092ca5bc2f26b953eb02656ca065589d75bfe55c318e81d0709803a9b7c1516  ipfire-2.29-core184-x86_64.iso


b2 file extension indicates BLAKE2 checksum, that is a new tech…

File can be verified with b2sum utility:

user@ubuntu:~$ b2sum -c ipfire-2.29-core184-x86_64.iso.b2 
ipfire-2.29-core184-x86_64.iso: OK

More info about BLAKE2 and b2sum

Torrents were published at Distrowatch in the past but recent updates are not announced there anymore, the last entry is for core 176…

EDIT: Links removed by moderator

I hovered over the download links and I see SHA256. I do not know how to copy & paste the SHA256 results to somewhere else, but I do see it is available.

The torrents still exist but I do not know why they are not published.


Because they weren’t being used much. I suspect they will stop getting created somewhere in the future.


Interesting, I missed that, well hidden checksum…

When I do not have CHECKSUM file, I calculate checksum that I expect to be available and then ask Google for that checksum, if it finds “iso” file, I know that file was not corrupted. Such checksums are useful, they can discover hidden corruption caused by SSD disk failure (MLC, TLC, QLC, PLC cells can silently lose information over time, I already have such experience).

I tried experiment,

user@ubuntu:~$ sha256sum ipfire-2.29-core184-x86_64.iso
5a42928e1d15a13b6f42e12ee8296a7fee1dcb84cdbbf19fa805021b531ef368  ipfire-2.29-core184-x86_64.iso

and then ask Google about 5a42928e1d15a13b6f42e12ee8296a7fee1dcb84cdbbf19fa805021b531ef368 and I get no results. Google ignores information about checksum that is stored in “IPfire” way (“title” attribute of “a” tag in html code).

When I search for BLAKE2 checksum, Google finds only this thread, it doesn’t find files at mirrors…

Try an experiment, search with Google for 30c9610508fd2ea3aedd9e3380f70795868f7b15038e1a803fe176c271d0c82d

Why do you ask Google for the checksum?
What information do you expect?

Why is it not possible just to compute the SHA256 checksum and compare it with the checksum shown on the IPFire download page ‘by eyes’?

I am lazy :wink: It is faster to ask Google about checksum than to search for a download page and then search for checksum at that page.

I expect that Google will show me file that has such checksum. It works for major release files. If that procedure fails, I have to dig deeper, I have to find file and checksum or to download file again. The best way is to have file with checksums stored with installation images. Try the experiment with checksum “30c96…”, see previous post…

I’m lazy, too :slight_smile:
Therefore I download from official page, compute the SHA256 checksum of the downloaded file and compare the value with the checksum given by hovering over the file link on the IPFire page.
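
As an added example, not part of the thread and not IPFire's own tooling: a POSIX shell helper that does the comparison discussed above without reading digests by eye, accepting either the SHA-256 value copied from the download link or a `.b2` checksum file. The function names are invented for this illustration, and it assumes the coreutils `sha256sum` and `b2sum` are installed.

```shell
#!/bin/sh
# Added example (not from the thread). Digest type is inferred from length:
#   64 hex chars  -> SHA-256 (value shown on the download link)
#   128 hex chars -> BLAKE2b-512 (b2sum default, as in the .b2 file)

# Strip whitespace, lower-case, and reject anything that is not pure hex.
normalize_digest() {
    d=$(printf '%s' "$1" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    case "$d" in ''|*[!0-9a-f]*) return 1 ;; esac
    printf '%s' "$d"
}

# verify_image FILE HEX -> 0 match, 1 mismatch, 2 bad input or missing tool
verify_image() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    want=$(normalize_digest "$2") || { echo "digest is not hex" >&2; return 2; }
    case ${#want} in
        64)  tool=sha256sum ;;
        128) tool=b2sum ;;
        *)   echo "unsupported digest length ${#want}" >&2; return 2 ;;
    esac
    command -v "$tool" >/dev/null 2>&1 || { echo "$tool not found" >&2; return 2; }
    # Hash via stdin so unusual file names cannot alter the output format.
    got=$("$tool" < "$1" | cut -d' ' -f1)
    if [ "$got" = "$want" ]; then
        echo "$1: OK ($tool)"
    else
        echo "$1: FAILED ($tool)" >&2
        echo "  expected $want" >&2
        echo "  computed $got" >&2
        return 1
    fi
}

# verify_from_sumfile FILE SUMFILE: look up FILE's digest in a
# "<hex>  <name>" checksum file (names without spaces assumed).
verify_from_sumfile() {
    name=${1##*/}
    hex=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                            f == n { print $1; exit }' "$2")
    [ -n "$hex" ] || { echo "no entry for $name in $2" >&2; return 2; }
    verify_image "$1" "$hex"
}
```

A digest fetched from the same server as the image detects a damaged download; it does not show that the server handed out the intended file.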

Well, maybe you need to verify installation file for older release, like core 180. Then what? It is not at official page. And there is no checksum/hash at IPfire official download page, Google cannot see it… :wink:

And when I access download page with text WWW browser (like links), I cannot see checksum too… :wink: I know, this is an extreme example…

With a bit of imagination you can find the link for older CUs. :wink:



I feel bad, I think this thread is going nowhere.
Maybe I need to start a new thread with all the checksums for verification
or maybe a Wiki page?