GtkHash is a small utility that ships with some Linux Distros and is held in the Repositories of many more. If shipped, you will likely find it under Accessories. If available, but not installed, you can install it using either your Software Manager/Centre or your (Synaptic) Package Manager.
It is my intention to cover this in a little detail, and in particular to show you how you can turn around the results you find, and to backtrack on the Web to certain sites that may be of use to you.
I will also list a couple of ways of installing GtkHash. for non-Debian-based Distros.
The following screenshots were taken within the environment provided by Ubuntu 16.04 (Beta) MATE.
Standard default is for outputting MD5, SHA1, and SHA256 checksums.
I have taken an old iso of CentOS 7 here as an example, dated, but a good test, I feel.
Given that MD5 is, if not obsolete, then at least passe, you might wish to eliminate it from your search by unchecking it – Edit-Preferences. GtkHash saves your preferences, so that next time you invoke it, it will display the options you used last.
Now this is where GtkHash can become even more useful to you, perhaps even to the point of determining which sites you trust to download from.
I downloaded the CentOS .iso maybe two years ago, but have not yet installed it. I do not have an eg SHAsum,txt file with it where it is stored, and I honestly cannot remember whether I checked same at time of download, or downloaded the checksum file if it was available (doesn’t look like it). But I want to check that it is legit before I install.
Armed with the knowledge I have gleaned from above, I now know that the CentOS has as its SHA1, the checksum
I take that string and paste it into a search on Google (or search engine of your choice) and here are the results.
Very few results, as one might expect given the age of the .iso and the esoteric nature of CentOS, but enough to corroborate that the .iso I want to install is the Real McCoy. With more recent distributions, you will find more results for your own circumstances.
Bear in mind this – just because you may not find, immediately, the checksum you have Googled as having a reference at eg LinuxMint/Downloads or wherever, as I have above … does not mean you should immediately boycott a site and its Distros as being unreliable.
If I take my CentOS example and paste its .iso exact description, and append “sha” to the end, as follows – “CentOS-7.0-1406-x86_64- Everything.iso sha” … my search takes me to a page where the first entry has (in part) the following:
Note the last half a dozen entries – so when you download the .iso, you should also be downloading these, and these small files will not appear in the searches I described earlier. So I am reassured that CentOS is a reliable site to download from.
If your memory is half as foggy as mine, you may not be able to remember where you downloaded an .iso from – was it the official website, was it SourceForge or DistroWatch?
Using the methods I have described, you can be certain that the .iso you have downloaded has not been compromised, and has not been damaged during download.
Before I move on to describing how GtkHash can be installed in others of the Linux “families”, I’ll leave you with two more points.
- If you seek to install GtkHash from your GUI package manager, in my case Synaptic Package Manager is the usual with Debian-based Distros, you may see under the GtkHash entry references to eg Nautilus, Nemo, and Thunar extensions. I have not used these yet, but I am guessing installation of these will allow you to right-click an .iso from your File Manager window pane and choose GtkHash from the context-sensitive menu. Someone could confirm that for me, I would be grateful.
- Apparent from a couple of my screenshots preceding, but not immediately apparent perhaps to the newcomer; is that if you already have at your fingertips a sha1, sha256 or other long checksum and wish to check it against your .iso in GtkHash, you may wish to drag to the left and/or right the edges of the GtkHash window, to reveal all. I’ll show you what I mean.
The above is using Sparky Linux as an example.
Note that the “Check” field under File now shows the full checksum, and that in my case there are checkmarks (two of them), or they might be green-filled circles (Distro-dependent).
In Fedora 22 and upwards (I have used 23 and 24 as well), you can install GtkHash as follows:Code:# dnf install gtkhash
… note that <dnf> is used because yum (the yellowdog update modifier) is deprecated, since dnf was employed with Fedora 22.
… note the command is executed as root, which you get to with <su>, Enter and enter root password.
SourceForge have the tar at https://sourceforge.net/projects/gtkhash/
I enjoy Mageia, but I had to take a cumbersome approach to installing. If someone has a better method (& there likely is one) please let us know.
There was a .tar.xz at SourceForge, but I wasn’t in the mood for untarring, compiling and make-installing, so I found a .deb at http://ftp.gnome.org/ubuntu/ubuntu/pool/universe/g/gtkhash/
and downloaded that to see if it worked.
WIZARD’S NOTE – @ 2017-05-19, SourceForge hold gtkhash-1.1.tar.gz , whereas some of the following lines were written some time ago – so check your version and substitute current filenames where applicable.
I then downloaded and installed Alien, which converts .deb to .rpm and vice-versa, from
– which actually opens the downloads pane.
For Alien I just double-clicked the .rpm from Dolphin File Manager and installed from there.Code:alien -r gtkhash_0.7.0-1ubuntu1_amd64.deb
converts it to gtkhash-0.7.0-2.x86_64.rpm
Then you can (make the file local)Code:sudo urpmi gtkhash-0.7.0-2.x86_64.rpm
orCode:sudo urpmi gtkhash
and use Tab to autocomplete.
Now you have GtkHash installed. Housekeeping note – a package lib64mhash2-0.9.9.9-11.mga5.x86_64 is installed with GtkHash – if you delete GtkHash usingCode:sudo urpme gtkhash
you will need to delete the lib package separately.
Manjaro – Testbed was Manjaro 15.12 Mate, andCode:yaourt -S gtkhash
… worked fine for me.
Sabayon – I was using Sabayon 16.04 KDE some time ago, and so far, no joy. I will crack it eventually, no doubt, but in the meantime if a Sabayon user has some tips, please enlighten us, else I will revisit this environment when I have the answer.
(ADDENDUM TO) DEBIAN-BASED
From another source –
This obviously works on Debian 8, as for others in the Debian family:
MX-15, which I have used, and MX-16, which I currently use.
In MX-15, the command returns this output
root@toshi:/home/chris# aptitude install gtkhash
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.
Anything to worry about? No.
GtkHash comes pre-installed with MX-15, and MX-16. They are from mepis.org, under a handshake agreement from the antiX group.
antiX itself (I use 16), does not come with it, but I expect it can be installed. Likewise Point Linux, also Debian-based.
Regarding that last screenshot – you can modify the Settings (Edit-Preferences) in GtkHash, to show different algorithm choices, the choice is almost overwhelming, and, no, I am not familiar with half of them.
As a bare minimum, I would advocate the use of:
- SHA256 and
256 and 512 are going to become more and more prevalent, so be prepared.
- News Briefs: Charles Dance Joins ‘Godzilla: King of the Monsters’
- IBM Named to CRN Mobility 100