Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It would be great if curl could take file integrity hash value as a command line argument.


I'd like to practice verifying file integrity, instead of running `curl | sh`. I see that sha256sum (or 512) is the standard command people use.

    # Download package and its checksum
    curl -fsSLO https://example.com/example-1.0.0.tar.gz
    curl -fsSLO https://example.com/example-1.0.0.tar.gz.sha256

    # Verify the checksum
    sha256sum -c example-1.0.0.tar.gz.sha256
But if the server is compromised, the malicious actor would likely be able to serve a matching hash to their file?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: