Folks
While trying to automate a download of the ISO files, I ran into inconsistencies with the method of checksums. I was trying to use the checksum values to validate my download.
At least in one mirror (mirrors.sonic.net):
Centos 7 uses a file called sha256sum.txt containing:
087a5743dc6fd6706d9b961b8147423ddc029451b938364c760d75440eb7be14 CentOS-7-x86_64-DVD-2003.iso 4120aff542c2f9a30bcf90d4d79e39511e5d9eabdf202566a94ff24ea7f0974c CentOS-7-x86_64-Everything-2003.iso 659691c28a0e672558b003d223f83938f254b39875ee7559d1a4a14c79173193 CentOS-7-x86_64-Minimal-2003.iso 101bc813d2af9ccf534d112cbe8670e6d900425b297d1a4d2529c5ad5f226372 CentOS-7-x86_64-NetInstall-2003.iso 3febddab1498f940e3127f2f5e1056d6fef57fcd559d5b70ff1bfa55a444f176 CentOS-7-x86_64-LiveGNOME-2003.iso 92be566a5b1d2aa62acf2e4ab01ba91420e7170cdb21e2e190dd1dafcb6a8c94 CentOS-7-x86_64-LiveKDE-2003.iso
Centos 8 uses a file called CHECKSUM containing:
# CentOS-8.1.1911-x86_64-boot.iso: 625999872 bytes SHA256 (CentOS-8.1.1911-x86_64-boot.iso) = 7fea13202bf2f26989df4175aace8fdc16e1137f7961c33512cbfad844008948 # CentOS-8.1.1911-x86_64-dvd1.iso: 7554990080 bytes SHA256 (CentOS-8.1.1911-x86_64-dvd1.iso) = 3ee3f4ea1538e026fff763e2b284a6f20b259d91d1ad5688f5783a67d279423b
While these are fairly easy to understand as a human, a script is burdened with the job of guessing the file name of the checksum file, and then decoding the format. I don't know if this method is used on all mirrors. Would it be too much to ask that there be one format across the distributions. I suspect that SHA256 is going to be an acceptable digest for a few years.
David