To verify a shasum or any other integrity hash, from a website that hosts a file with its shasum, you would normally take the following approach:
- Download the file and its SHASUMS file and place both of these files in the same directory
- run
sha256sum -c SHASUMS
If the file integrity is intact then it would output:
filename: OK
But what if you only have the file and the shasum and no file? Case in point: Downloading boost libraries from official website
You could do a step before step 1 by creating a properly formatted SHASUM file, using the SHASUM taken from the website and the file name.
But a faster and easier way is by using pipes and running shasum using standard input
echo "$ACTUAL_SHA_VALUE $FILENAME" | sha256sum -c
where $ACTUAL_SHA_VALUE is the shasum copied from the site and $FILENAME is the file name.
NOTE: There are two (2) spaces in between $ACTUAL_SHA_VALUE and $FILENAME. If this is not the case you will get an error of not having properly formatted SHA256 checksum lines