Verifying VMware Downloads

Published by Christian Mohn · Read in about 3 min (464 words)

Now that vSphere 5.1 and assorted products have been released into the wild, how do you check the integrity of your downloaded file? As you might be aware of, VMware publishes both MD5 and SHA1 hashes for their files, making it possible to check if the file you just downloaded is identical to the file offered from VMware.

Checking the MD5 or SHA1 hash for a single file is easy, at least in OS X where you don´t need any third party tools to check.

Open up Terminal and navigate to your download directory and run either the md5 command, or the shasum command to verify the file signature. You can then compare the signature to the checksums provided by VMware on the download page.

  

For a single file, this is not a problem, but what if you have downloaded a bunch of files into a directory and want to calculate the checksums for all of them in one go?

Thankfully this is pretty simple as well, just add a little Terminal (It´s really bash, I know) magic and you´re all set:

MD5:

find . -type f -exec md5 '{}' \;

SHA1:

find . -type f -exec shasum '{}' \;

These small bash one-liners will go through all the files in the current directory, and calculate checksums for each of them.

There are tools available for Windows as well that perform the same operations, but I haven´t looked into those for this post.

A collection of MD5/SHA1 checksums for the vSphere 5.1 Release: #

[table id=9 /]

As far as I can tell, VMware does not offer a single page that lists all of the checksums for their files, something that makes finding the checksums a bit tedious. I´ve found that the best way to find then, after you have downloaded the files, is to check the My VMware Downloads History, page since it shows you all the downloads you have performed on one page, instead of going through multiple pages. Find the “Show Checksums” link to show the checksums, without having to open the download page for each item.

  

Wishlist #

I´m sure some scripting Wizkid could easily create a script that runs the checksum generation and then checks a given text file for a match, but I really wish VMware would create a service that enables you to easily check the checksums for a given file, without having to log on to VMware.com at all.

If we could do a simple HTML request to a service that returns the checksum for a given file, that would easily be scriptable and comparisons could be performed automatically.

That way, doing a request like this (yes, this is indeed a fake non-working URL):

curl vmware.com/integrity/md5/vCO_VA-5.1.0.0-817595_OVF10.cert

would return a simple

c636547afb4de258d9164a74ac622674

Good idea? Bad Idea? Let me know!

Post last updated on January 2, 2024: Add author

About

vNinja.net is the digital home of Christian Mohn and Stine Elise Larsen.

The primary focus is on IT architecture and data center technologies like virtualization and related topics, but other content also pops up from time to time.

Sponsors