"Verify your ISO image" instructions for Windows users

Suggestions and feedback for Linux Mint and the forums
Forum rules
Do not post support questions here. Before you post read: Where to post ideas & feature requests
citizen127
Level 1
Level 1
Posts: 3
Joined: Fri Mar 16, 2018 5:12 pm

"Verify your ISO image" instructions for Windows users

Post by citizen127 »

Hey all,
I just finished verifying my copy of linuxmint-18.3-cinnamon-64bit.iso on Windows 10 using these instructions:
IG = https://linuxmint-installation-guide.re ... erify.html
Verify page = https://linuxmint.com/verify.php
and I have some suggestions:
1. I think it would be a good idea to put the instructions from the verify page regarding "sha256sum --ignore-missing -c sha256sum.txt" in the IG. It's a faster, easier, and probably more reliable way to compare the sums than just eyeballing it.
2. It's probably worth mentioning that in order to download the sha256sum.txt and sha256sum.txt.gpg files you need to click on the file link and then right click on the page and select "Save page as..." or "Save as..." to save the file, at least in Firefox and Chrome on Windows 10. That can drive a person nuts if they're not familiar. A lot of people would try to copy and paste the text into a txt file, but that's no good.
4. In the IG, the line "You should be able to find these files in the same place you downloaded the ISO image from" is confusing if you downloaded your ISO from this page:
https://linuxmint.com/edition.php?id=246
That page doesn't have anything at all about those files. I know there's a link to the verify page, but that doesn't help when you're looking for txt files.
3. It would save a whole lot of time and frustration if there was more detail regarding Cygwin for Windows users. Something like this:
A. Once you have the Cygwin setup exe downloaded, open the file, click "Yes" in the Windows "User Account Control" window to allow Cygwin to make changes.
B. Click "Next" until you get to the "Cygwin - Select Packages" window.
C. In the "Cygwin - Select Packages" window, search for coreutils and select install for all of the packages in the search results.
D. In the "Cygwin - Select Packages" window, search for gpg and select install for all of the packages in the search results.
E. Click "Next" some more.
F. When the install is complete, open Cygwin Terminal and use the cd command to navigate to the directory containing your local ISO. Note that in Cygwin the path needs to be in double quotes. For example:
Jon Doe@Jon Doe ~
$ cd "C:\Users\Jon Doe\Desktop\ISO"
I know that that's a lot of nitpicky details about software that isn't Linux, but I think it's important for the future of Linux to be as welcoming as possible to new users. Also, I know that some of the packages in the searches I suggested aren't necessary to the process, but I'm not here to learn the fine points of Cygwin packages, and it worked for me.
Thanks for your time,
citizen127
User avatar
Pierre
Level 21
Level 21
Posts: 13182
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: "Verify your ISO image" instructions for Windows users

Post by Pierre »

since you've managed to work out the finer details, to "Verify your ISO image" in the Windows System,
- can you now write a short Tutorial to reflect, just what you managed to do ?

we can never have enough of these Guides, to help other N00Bs to get across the line,
- when they are attempting to flee the addictive World of Windows.
8)
Image
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.
User avatar
sdibaja
Level 5
Level 5
Posts: 900
Joined: Sun May 08, 2011 12:57 pm
Location: Baja California, Mexico

Re: "Verify your ISO image" instructions for Windows users

Post by sdibaja »

use torrent downloads, then you do not need to verify the image. be a nice guy and keep the torrent running so others benefit too.
Peter
Mate desktop https://wiki.debian.org/MATE
Debian GNU/Linux operating system: https://www.debian.org/download
User avatar
xenopeek
Level 25
Level 25
Posts: 29459
Joined: Wed Jul 06, 2011 3:58 am

Re: "Verify your ISO image" instructions for Windows users

Post by xenopeek »

sdibaja wrote: Fri Mar 16, 2018 10:47 pm use torrent downloads, then you do not need to verify the image. be a nice guy and keep the torrent running so others benefit too.
While downloading through Torrent detects and repairs download errors, which downloading through a web browser doesn't do, verifying the downloaded file is not just an integrity check but also an authenticity check. The latter Torrent doesn't do for you.
Image
User avatar
sdibaja
Level 5
Level 5
Posts: 900
Joined: Sun May 08, 2011 12:57 pm
Location: Baja California, Mexico

Re: "Verify your ISO image" instructions for Windows users

Post by sdibaja »

good point, noted
Peter
Mate desktop https://wiki.debian.org/MATE
Debian GNU/Linux operating system: https://www.debian.org/download
User avatar
Pierre
Level 21
Level 21
Posts: 13182
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: "Verify your ISO image" instructions for Windows users

Post by Pierre »

whilst using any torrent for an ISO will work,
most of those who are still using the Windows System,
- may not have the skill level to utilize this technique,
or even be able to check / validate that ISO within their Windows System, for that matter.

so, therefore any extra Tutorial(s) that can be created,
just may have that 'extra viewpoint' that could be useful for any newcomer to the World of Linux.
8)
Image
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.
MScott

Re: "Verify your ISO image" instructions for Windows users

Post by MScott »

Sadly not all ISPs allow torrent downloads, mine is one of em :(
phd21
Level 20
Level 20
Posts: 10103
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: "Verify your ISO image" instructions for Windows users

Post by phd21 »

Hi "MScott",

Tip - FYI: To prevent your ISP and others from knowing (monitoring) what you are doing and or restricting what you are doing:

1.) Change your local ISP's connection's DNS server IP addresses to safe and anonymous ones from a reliable DNS provider like "dns.watch", "opennic", "OpenDNS", etc... This is a smart thing to do anyway.

How to change DNS servers - Linux Mint/Cinnamon – OpenDNS
- Very good instructions and you can use OpenDNS servers or any DNS provider's server IP addresses.
https://support.opendns.com/hc/en-us/ar ... t-Cinnamon

Recent post with DNS screenshots
Trouble with university wifi - Linux Mint Forums
viewtopic.php?f=53&t=266001

Also, a lot of people get better performance when using IPv4 versus IPv6.
Disable IPv6 if its not supported
See #2 & #3 to set priority to "IPv4" (I use #2 & #3)
http://www.blackmoreops.com/2015/08/04/ ... -in-linux/

2.) In addition to doing Step #1, you can also use a VPN provider's servers to connect to the Internet (works on top of or with your current ISP connection to provide encrypted and anonymous Internet use). Note: as mentioned in the link below, not all VPN providers allow torrent downloading either, especially the free ones, but most paid for VPN providers do. "vpngate" is a system of free VPN servers (providers) that does allow torrenting. Tip#2: While connected to a VPN change the Torrent software client's settings to use encryption and change the network interface adapter to "tun0" (that is a zero) which is only available when you are connected to a VPN server before downloading anything; this forces the torrent software client to use the VPN server connection.

vpn - Linux Mint Forums
viewtopic.php?f=90&t=265922

Hope this helps ...
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
MScott

Re: "Verify your ISO image" instructions for Windows users

Post by MScott »

phd21 wrote: Mon Mar 19, 2018 6:17 pm <snip>...<snip>

Hi "MScott",

Tip - FYI: To prevent your ISP and others from knowing (monitoring) what you are doing and or restricting what you are doing:

Hope this helps ...
Hi phd21

The info is much appreciated... I'll add the links to my list of things to read :D

Oh, for those still interested, I found this online scanner, it takes a bit longer than running a tool from your system but it does get the job done. On my modest Lenovo laptop (G50-45, AMD A6-6310, 12GB RAM, Win 8.1x64) it took maybe 3 or 4 minutes. I think the max file size is 4GB so it should work with most linux distros. Download the distro to your computer then head over to ( http://onlinemd5.com/ ) and select the checksum type -- md5, sha1, or sha256, then click Browse to find and load the distro you want to verify, and so on. This option is system agnostic, Windows, Linux, Mac.

There are literally hundreds of free tools for Windows users that can very easily scan a Linux distro, create a checksum, then you would copy & paste the provided checksum from the sha256sum.txt file into the tool and Verify, very easy. I really like (and use) a free, small, and portable tool called CHK Checksum Utility -- ( http://compressme.net/ ) -- It took maybe 25 seconds to load, generate, and compare (verify) Mint 18.2 Cinnamon x64.
chk.png

The sha256sum.txt file can easily become a checksum file that can be loaded into other tools and run against the file or files listed in the database. To do this you would need to simply change the extension of the sha256sum file from .txt to .sha256, then load the file into the tool which would then show a list of files and their expected checksums... then verify the distro(s) that you have, and of course expect some "missing files" since you might only have 1 of the 5 or 6 listed in the checksum file. Again, there are numerous free tools for a Windows user, I like (and use) SFVNinja, found here -> ( http://www.donationcoder.com/forum/inde ... 408859#new )
sfvninja.png

About the validity of the checksum.txt file itself... there's the "ring of trust" that is necessary when using the gpg method to validate the checksum file, and in some cases the author's signature may not be valid (unknown) and so the ring must vouch for the author. I use a similar method with the txt file -- I figure if every mirror around the world is using the same checksums to verify the iso images (see their ftp), this is much like the ring of trust vouching for an unknown author's signature. I also check to see if there are any issues by checking the forum - listening for chatter - anyone, Bueller. Nothing is fool proof, but it works, so be vigilant just don't fret, have fun and enjoy the experience.

HTH :)
djh53

Re: "Verify your ISO image" instructions for Windows users

Post by djh53 »

Pierre, I found citizen127's post helpful.

Did he/she take up your suggestion about a tutorial?

If not, let me know. I'm retired now, and have the time to help.

Like yourself, we're in Perth - northern suburbs.

Pax,
djh53
Almavague

Re: "Verify your ISO image" instructions for Windows users

Post by Almavague »

Hi Citizen127,
Those instructions are perfect, I've been searching for exactly that for a few hours. Thank you.

Here's my problem, I have relatively limited internet data - 20Gb per month. Usually I don't need any more than this. I've downloaded the Cygwin exe and I started to install everything mentioned. The download seemed to keep going indefinitely, while I watched my data being eaten up. I stopped the installation when I had 4Gb to last me until Jan 15. It looks like it downloaded about 3Gb worth of stuff and seemed nowhere near finished. Is there some way to do this authenticity and integrity check without all this downloading?

Thanks!
phd21
Level 20
Level 20
Posts: 10103
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: "Verify your ISO image" instructions for Windows users

Post by phd21 »

Hi "MScott", Citizen127, etc...

"MScott", You are welcome...
MScott wrote:The sha256sum.txt file can easily become a checksum file that can be loaded into other tools and run against the file or files listed in the database. To do this you would need to simply change the extension of the sha256sum file from .txt to .sha256, then load the file into the tool which would then show a list of files and their expected checksums... then verify the distro(s) that you have, and of course expect some "missing files" since you might only have 1 of the 5 or 6 listed in the checksum file. Again, there are numerous free tools for a Windows user, I like (and use) SFVNinja, found here -> ( http://www.donationcoder.com/forum/inde ... 408859#new )HTH :)
I have mentioned renaming the Linux Mint checksum files to ".sha256" many times in posts and replies and even suggested it to the Linux Mint people because that is the normal procedure for checksum files, that and only having one checksum file per ".iso" file with the exact same name as the iso file or whatever file. There are various Linux, MS Windows, and Mac, checksum utilities or integrated checksum options in file managers, etc... that could automatically recognize the checksum filename extension like ".sha256" and use them for checksum verification.

To "Citizen127" and others with slower or limited Internet connections, I would highly recommend using a Torrent client and the Linux Mint torrent link for downloading Linux Mint iso files which can also do the checksum (verify checksum) for you. I could not find the file check option in the "vuze" torrent client, but it may have one. Other fast downloading options are installing and using fast turbo downloaders, like the "Slimjet" browser with a turbo downloader built-in, or "XDM" Xtreme Download Manager, or "uGet", etc... The secure Brave browser has a built-in torrent client (webtorrent), but I did not see a file verification check option, might be automatic though.

Downloading your First Torrent: The Definitive Guide (2019 Update)
https://www.rapidseedbox.com/blog/download-torrent

Update on Vuze Torrent client: "Right-click on the download and select 'force recheck'. You might need to set your mode to 'advanced', can't remember (Tools->Options->Mode)"

Hope this helps ...
.
checksum_files.txt.jpg
.
Krusader_File_Manager_Verify_checksum_file1.jpg
Last edited by phd21 on Sat Jan 05, 2019 4:35 pm, edited 5 times in total.
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
gm10

Re: "Verify your ISO image" instructions for Windows users

Post by gm10 »

Almavague wrote: Sat Jan 05, 2019 12:53 pm Hi Citizen127,
Those instructions are perfect, I've been searching for exactly that for a few hours. Thank you.

Here's my problem, I have relatively limited internet data - 20Gb per month. Usually I don't need any more than this. I've downloaded the Cygwin exe and I started to install everything mentioned. The download seemed to keep going indefinitely, while I watched my data being eaten up. I stopped the installation when I had 4Gb to last me until Jan 15. It looks like it downloaded about 3Gb worth of stuff and seemed nowhere near finished. Is there some way to do this authenticity and integrity check without all this downloading?
Integrity check can be done without any downloads on any recent version of Windows (7-10 at least). Run "cmd.exe" to get a command prompt, then run:

Code: Select all

CertUtil -hashfile ISO_FILENAME SHA256
with ISO_FILENAME being the path and name of the Linux Mint .iso you downloaded. This will calculate the checksum, which you can then manually compare to the one in the sha256sum.txt file linked on this page: https://linuxmint.com/verify.php

For the authenticity check you can download Gpg4win, which is less than 30 MB. Or just search for your hash on the forums here to see if somebody confirmed it (crowd-sourced authentication - good until the forums get hacked or we're all part of a conspiracy out to get you :lol:).

Code: Select all

$ gpg --verify sha256sum19.1.txt.gpg sha256sum19.1.txt
gpg: Signature made Mon 17 Dec 2018 08:58:03 PM CET
gpg:                using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [full]
$ cat sha256sum19.1.txt
b580052c4652ac8f1cbcd9057a0395642a722707d17e1a77844ff7fb4db36b70 *linuxmint-19.1-cinnamon-32bit.iso
bb4b3ad584f2fec1d91ad60fe57ad4044e5c0934a5e3d229da129c9513862eb0 *linuxmint-19.1-cinnamon-64bit.iso
ca86885e2384373f8fbb2121e2abb6298674e37fc206d3f23661ab5f1f523aba *linuxmint-19.1-mate-32bit.iso
5bc212d73800007c7c3605f03c9d5988ad99f1be9fc91024049ea4b638c33bb4 *linuxmint-19.1-mate-64bit.iso
039d619935c2993e589705e49068a6fa4dc4f9a5eb82470bc7998c9626259416 *linuxmint-19.1-xfce-32bit.iso
7b53b29a34cfef4ddfe24dac27ee321c289dc2ed8b0c1361666bbee0f6ffa9f4 *linuxmint-19.1-xfce-64bit.iso
:D

And I've been telling xenopeek to add some Windows instructions to that page. Sorry you blew a hole in your bandwidth quota for nothing.
SolePublic

Re: "Verify your ISO image" instructions for Windows users

Post by SolePublic »

Below are the quick steps this WindowsUser used to check the integrity of my ISO image.
This is much faster than the online comparators and uses no bandwidth.

1. Choose a nearby mirror from https://www.linuxmint.com/mirrors.php
2. Path through directory to chosen version
3. Click iso file, download
4. Rt click sha256sum.txt file, choose Save As
5. Use File Explorer to open download location, copy iso filename into clipboard
6. In Explorer: File>Open Windows PowerShell
7. In PowerShell: Get-FileHash isofilename [paste the isofilename, e.g., linuxmint-19.1-mate-64bit.iso]
8. Copy hash
9. Paste into sha256sum.txt below the hash for your version
10. Compare [I pasted them both into Word and changed letters to same case (Home>Font>Aa>lower case) so they lined up]

I have not figured out how to examine the signing key to check the authenticity using Windows.
millipede
Level 1
Level 1
Posts: 17
Joined: Sat Oct 06, 2018 3:54 pm

Re: "Verify your ISO image" instructions for Windows users

Post by millipede »

I don't think I was expecting things to be so complicated. I started a topic about the cygwin that the verify page suggests using if you're on windows... because when I tried to install it, my AV said it was a bad idea. And the directions for authentication few right over my head. Someone replied and just gave me a link to this topic but, I'm still confused... so, I think if someone could put in a good detailed tutorial somewhere for people that do NOT have experience with these things can still do this, that would indeed be awesome. Think baby steps. Sometimes(often maybe) really smart people will explain things in ways that seem simplified to them but still take for granted that the people reading ALL know enough of the basics of that topic.
Someone mentioned an online utility... I tried that... got some checksum string but, where do I go after that? There's no explanation for me so I was lost.
I tried the powershell AND the CMD options but apparently I'm typing something inaccurately, not putting the location in or something... I get messages that it can't find the file or path, etc... because it's assumed that I know how to use powershell or cmd with those instructions.

The whole process is overwhelming me. ha. I think I need a "for dummies" version of this.
gm10

Re: "Verify your ISO image" instructions for Windows users

Post by gm10 »

millipede wrote: Wed Mar 27, 2019 11:39 am Someone replied and just gave me a link to this topic
No, I had given you a link to a very specific post of mine in this topic: viewtopic.php?p=1576080#p1576080
millipede
Level 1
Level 1
Posts: 17
Joined: Sat Oct 06, 2018 3:54 pm

Re: "Verify your ISO image" instructions for Windows users

Post by millipede »

I had given you a link to a very specific post of mine in this topic:
Which I tried, and must have done incorrectly. While putting in the path or something... says it can't find the file specified.
gm10

Re: "Verify your ISO image" instructions for Windows users

Post by gm10 »

millipede wrote: Wed Mar 27, 2019 11:59 am
I had given you a link to a very specific post of mine in this topic:
Which I tried, and must have done incorrectly. While putting in the path or something... says it can't find the file specified.
The path to the file you downloaded? Well, that's entirely up to you where you put that, nobody here can know. Try one of the GUI tools linked above, will probably be easier for you.
millipede
Level 1
Level 1
Posts: 17
Joined: Sat Oct 06, 2018 3:54 pm

Re: "Verify your ISO image" instructions for Windows users

Post by millipede »

I figured out my mistake, in my confusion... I think I had looked at too many directions at the same time. For one of them it had said to just copy the file name, which is what I did hear but that left off the .iso. So that was my problem. That checks out. Now to try your suggestion for authenticating and then, on to the next step.
Thanks.
millipede
Level 1
Level 1
Posts: 17
Joined: Sat Oct 06, 2018 3:54 pm

Re: "Verify your ISO image" instructions for Windows users

Post by millipede »

For the authenticity check you can download Gpg4win,
Can you explain what I then do with that program? Which files do I need to already have somewhere, etc? I want to make sure I'm running it correctly. First time I tried something I just got the same string I already got while checking integrity so I'm not sure that's what I was supposed to do. I'm checking the authenticity and that's a different file correct?
Post Reply

Return to “Suggestions & Feedback”