
On Ubuntu 14.04, sha256sum from coreutils works as I expected:

echo 879dd0d7637876be4796f7e6f194a111d21088be85cfe717fc97e2e7f05e79d2 /tmp/myfile | sha256sum -c
/tmp/myfile: OK

However, the exact same command with the exact same file on Debian Wheezy fails:

sha256sum: standard input: no properly formatted SHA256 checksum lines found

I don't understand this. How can I verify the checksum reliably in a shell script on Debian?


On Ubuntu 14.04:

⟫ sha256sum --version
sha256sum (GNU coreutils) 8.21

On Wheezy:

$ sha256sum --version
sha256sum (GNU coreutils) 8.13

The man pages on both OSs say:

SYNOPSIS
       sha256sum [OPTION]... [FILE]...

DESCRIPTION
       Print or check SHA256 (256-bit) checksums.  With no FILE,
       or when FILE is -, read standard input.

[...]

       -c, --check
              read SHA256 sums from the FILEs and check them
gertvdijk

1 Answer


It cares about the spacing. If you run:

sha256sum /dev/null

you get

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  /dev/null

(two spaces). When you use echo like that, there's only one space between the words.

Version 8.13 wants the exact format its output is in. If you use:

echo "$SUM  $FILE" | sha256sum -c

(again, two spaces) it should work. Newer versions don't care about how many spaces there are, so it will work with them too.

Michael Homer
  • Added trivia: The second space character has in fact a meaning. It denotes that the checksum has been calculated in _text mode_. In contrast, a `*` in front of the filename denotes _binary mode_. Compare the output of `sha256sum -t /dev/null` (text mode, the default) with `sha256sum -b /dev/null` (binary mode). This doesn't make a difference on Unix/Linux, apparently, but [it could on Windows](https://www.virtualbox.org/ticket/9569). – Dubu Jun 30 '14 at 14:47
  • Am I the only one who thinks this syntax is not as helpful as it could be? Why is it not `sha256sum -c ` or some other flag since -c is already in use. In any case, thanks for this, it solved my problem as well. – nycynik Feb 28 '21 at 19:35
  • @nycynik `-c` reads a whole file (from standard input here) of checksums for any number of hashed files, so that you can verify a whole directory of files at once, so taking a single sum isn't a replacement. A single-file verification mode would be nice sometimes too though, it just isn't present currently (perhaps because you can already do this in those cases). – Michael Homer Feb 28 '21 at 19:55
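The single-file check discussed in the answer and comments above, wrapped as a script helper. This is an added example, not part of the original posts or of coreutils: `verify_sha256` and its return codes are hypothetical names chosen here, and it assumes GNU `sha256sum` is on the PATH.

```shell
#!/bin/sh
# Added example: verify_sha256 is a hypothetical helper, not a coreutils command.
#
# verify_sha256 EXPECTED_HEX FILE
#   returns 0  digest matches
#   returns 1  mismatch, unreadable file, or sha256sum rejected the line
#   returns 2  arguments this helper refuses to put into a checksum line
verify_sha256() {
    sum=$1
    file=$2
    nl='
'
    # A SHA-256 digest is exactly 64 hex digits; reject anything else
    # before it reaches sha256sum, so a truncated or padded value cannot pass.
    [ "${#sum}" -eq 64 ] || return 2
    case $sum in *[!0-9A-Fa-f]*) return 2 ;; esac

    # sha256sum escapes backslashes and newlines in file names inside
    # checksum lines; this helper refuses such names instead of escaping them.
    case $file in *\\*|*"$nl"*) return 2 ;; esac

    # Checksum line layout: HASH, one space, a mode character (space for
    # text mode, '*' for binary mode), then the file name. Two spaces is
    # what coreutils 8.13 requires and what newer versions also accept.
    # printf is used because echo may alter backslashes or leading dashes.
    printf '%s  %s\n' "$sum" "$file" | sha256sum -c >/dev/null 2>&1 || return 1
}

# Usage with the /dev/null digest quoted in the answer above.
verify_sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 /dev/null \
    && echo "/dev/null: OK"
```

The helper discards the output of `sha256sum`, so a caller that wants the `FAILED` or `OK` text should drop the redirection.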