$ Linux One Liners
Back to lessons

Hosting Operations

Verify a SHA256 Checksum Manifest

You need to confirm files still match a saved SHA256 manifest.

Command

sha256sum -c checksums.sha256

What changed

Nothing changes. The command reads files and checks hashes against the manifest.

Danger

safe

When to use it

Use after copying, restoring, or unpacking files from a backup.

When not to use it

Do not use it if the checksum manifest came from an untrusted source.

Undo or recovery

No undo needed because this command is read-only.

Expected output

One OK line per verified file.

demo script

Disposable terminal steps

  1. sed -n '1,4p' checksums.sha256
  2. sha256sum -c checksums.sha256
Terminal transcript Demo JSON

simulated output

What it looks like

disposable vessel 
::fixture-ready::
$ sed -n '1,4p' checksums.sha256
5a453a017f0c3bfb78e8205c21f7fcba3e26b1cc406b48664217931d26c1c50d  source/app/config.yml
5836e81dfa7b529b8773edf3addc5a43e3397d0bf8afc1534728f5090e7b2a5f  source/content/index.md
1dc8e74b2fc81bc174426952064e702cd22719d42ae1290df8f5081df42a758f  source/content/about.md
6d6ddf6160dbd0685f29b421c8f85ad7ae4e7c6eb12ef9987cc699c7debd046a  source/assets/logo.svg
::exit-code::0
$ sha256sum -c checksums.sha256
source/app/config.yml: OK
source/content/index.md: OK
source/content/about.md: OK
source/assets/logo.svg: OK
::exit-code::0

YouTube Short

Verify checksum manifests.

After a restore or copy, run sha256sum -c so every listed file proves it still matches.

LinkedIn hook

A checksum file is only useful if you actually verify it.

Question: Do you verify checksum manifests after restores, or just create them?

experiments

A/B tests to run

Metric: watch_time

A: Create and verify.

B: The OK lines matter.