From Fedora Project Wiki

Revision as of 13:49, 30 November 2021 by Robatino (talk | contribs) (clarify where to find the CHECKSUM file)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Associated release criterion
This test case is associated with the Basic_Release_Criteria#correct-checksums release criterion. If you are doing release validation testing, a failure of this test case may be a breach of that release criterion. If so, please file a bug and nominate it as blocking the appropriate milestone, using the blocker bug nomination page.
Associated release criterion
This test case is associated with the Fedora_42_Final_Release_Criteria#image-consistency-verification release criterion. If you are doing release validation testing, a failure of this test case may be a breach of that release criterion. If so, please file a bug and nominate it as blocking the appropriate milestone, using the blocker bug nomination page.


Description

This test is intended to verify that the posted images match the published SHA-256 checksums. Additionally, for ISO media that includes an embedded MD5 checksum, this test verifies that checkisomd5 (used by the installer) correctly locates and verifies the embedded MD5 sum.

Setup

  1. Download the image files you need to test
  2. Download the matching CHECKSUM file (normally located in the same directory as the image files). For example, Fedora-Workstation-42_Beta-1.4-CHECKSUM (the filename is different for each Fedora edition and compose version).

How to test

  1. Validate that the published CHECKSUM matches the downloaded image files by running the command sha256sum. For example, you might type:
    sha256sum -c Fedora-Workstation-42_Beta-1.4-CHECKSUM
  2. If validating ISO image(s) with embedded checksum(s), validate these. First, install the isomd5sum package and then check all ISO files using the checkisomd5 command, for example:
    for ISO in Fedora-*.iso ; do echo "= $ISO =" ; checkisomd5 $ISO ; echo; done

Expected Results

  1. The command sha256sum should return OK results. For example:
    $ sha256sum -c Fedora-Workstation-42_Beta-1.4-CHECKSUM
    Fedora-Server-netinst-x86_64-42_Beta-1.4.iso: OK
    Fedora-Server-dvd-x86_64-42_Beta-1.4.iso: OK
  2. The command checkisomd5 should either return:
    The media check is complete, the result is: PASS.
    It is OK to use this media.

    or:

    The media check is complete, the result is: NA.
    No checksum information available, unable to verify media.