To verify a shasum or any other integrity hash, from a website that hosts a file with its shasum, you would normally take the following approach:
- Download the file and its SHASUMS file and place both of these files in the same directory
- run
sha256sum -c SHASUMS
If the file integrity is intact then it would output:
filename: OK
But what if you only have the file and the shasum and no file? Case in point: Downloading boost libraries from official website