Do I need to check the integrity of a Ubuntu install? [duplicate]

iso downloads

Media Checks

As KGIII said - modern releases (20.04 and later) automatically scan. I for sure let that scan occur (on the first boot of the day; I tend to skip it if rebooted in the same box on the same day).

If you don't want to check beforehand, you can switch to a terminal (post-install) and always do a

dmesg |grep squashfs

and look for errors. A standard install should find only the copyright messages when dmesg is scanned; if any other lines appear with squashfs I'd read them as the install is likely not trustworthy.

ISO image Validation

As for ISO image validation pre-write, or How to verify your Ubuntu download, I download using zsync and it checks the integrity of the ISO image at the conclusion of download; I tend to trust that, and just do the self-scan on boot.

If using an older release (pre-20.04), I'll always also do a manual CD integrity check, primarily as the write to USB-media I've found the most troublesome (I have 10+ failures per year, even if that's a smallish percentage of writes; it's still significant).

If I download via a torrent, I tend to do a quick sha256sum check against the checksum file I downloaded using wget on a different device. I tend to perform this check on ISO image files downloaded previously anyway.

Why do it?

The checks take seconds to maybe a minute. If you have a single bit wrong, the debugging the installation or corrupted data could take hours if you're lucky, but more likely days-weeks-months.

There are generally at least one bug report filed per day (on launchpad; I monitor via #ubuntu-bugs-announce), reported by users who've been having problems with they consider a bug that would have been prevented by these checks. The bug reports are just marked INVALID and given a quick paste with a couple of lines from their dmesg output). So I see on a very regular basis users wasting hours trying to repeat processes that will never work (often over days), because they skipped these checks and thus are starting with corrupted media where problems should be expected.

I see it as a very cheap insurance.


These days, it's not as important, so long as it's one of the more modern releases. During the boot phase of the live ISO it does a file integrity check. Just don't skip the pre-boot file system check and you should be good.

Additionally, if you download it with a torrent client, the BitTorrent protocol has a built in file integrity mechanism. So, downloading the image with a torrent client will also automatically verify the file for you.

But, more importantly, verifying the file will not harm anything and will add an extra layer of surety. You lose nothing by taking the time to verify the iso. It's a pretty painless process.


Yes, please do.

There has been an incident once where the integrity of an ISO was compromised. Yes, it was not Ubuntu (but Mint). Even though I (and almost all of us) trust Canonical it is always better to be safe than sorry. And it also takes mere seconds to do so so why not.

If you do find an issue your username will be in the history books and at least for a day you will be the hero ;)

Related

Unable to install Kompozer in Ubuntu 16.04
Internet connection not working although it says it is connected
/usr/sbin/grub-mkconfig: 35: /etc/default/grub: FROM:: not found
Extremely slow Kubuntu Boot (18.04 LTS)
How to make permanent change to .config/user-dirs.dirs?
How do I run executable scripts in Nautilus rather than open them in Gedit text editor? [duplicate]
Avoid missing kernel linux-modules-extra-XX-generic when updating kernel
reconfiguration issues with dpkg
installing 32-bit version of Skype on Ubuntu 16.04
Adjust brightness with xrandr and cron job
Tool to insert text snippets into applications
Can all flavours of Ubuntu 16.04 run the same programs?