March 23, 2016

Installing Gimp & checking md5 sums on OSX

After the resent Transmission BitTorrent RansomWare issue on OSX, its time to step up the security. Remeber to add checks when grapping packages and images from the big bad internet. Here's a check when installing tha' Gimp

Download the dmg file for the gimp, wait until its complete. Then copy the md5hash from the page, and fire up a terminal. Then type:

# test $(md5 ~/Downloads/Gimp-2.8.14p2-Mavericks-Yosemite.dmg | cut -d ' ' -f 4) = 30a4a0851f1da76bd4702bf99aec60b3 && echo "ohhh ya"

If you get the ohhh ya, the hashes match and you can go about your business. Please note, it stille dosen't assure that the mounted archive is RansomWare free, just that it came from the Gimp source on the website you down loaded it from.

Now, that takes care of the md5 sums but what about the sha256 issues? Welle if you didn't know the shasum program will help you here. You should grap a copy of Transmission. If you dare `:O.

Then check the file integrity with:

# test $(shasum -a 256 ~/Downloads/Transmission-2.92.dmg | cut -d ' ' -f 1) = 926a878cac007e591cfcea987048abc0689d77e7729a28255b9ea7b73f22d693 && echo "bingo champ install it"

Again if you get the echo bingo champ install it. The file should be ok to install, but backup just to be sure. If you like you can script it, echo'ing the checksums etc. then you may only have t call en chksum.sh "chksum" file script. That's a small project or check what Ted does.

No comments: