This article outlines how to use Windows PowerShell or a GNU/Linux terminal to validate the integrity of files with MD5 or SHA256 checksums.

In VMware and PhotonOS environments, ensuring that files maintain integrity as they pass through each hop of your infrastructure is essential for preventing data loss or corruption, especially when managing key resources like patches, product support packs (PSPs), upgrade repository ISO files, and OVAs for new installations. This is particularly important when using Aria Suite Lifecycle 8.x to manage the deployment and upgrade of other Aria Suite products.

Validating file integrity prevents issues such as incomplete or corrupted updates, which can result in system instability or failed installations. For example, you might see a log entry like:

25/01/2025 05:44:02 [INFO] package UPDATE VERSION: vro-migrate  noarch  (none)  8.18.0.1717756088  24015865  /package-pool/vro-migrate-8.18.0.1717756088-24015865.noarch.rpm  rpm  6387  31cf00acc8204b32302f7a0d23607c628b714d7e
25/01/2025 05:44:02 [INFO] Downloading file. URL: https://<fqdn>/vra/8.18.0/upgrade/update/package-pool/VMware-Log-Insight-Agent-8.18.0-24019905.noarch.rpm
25/01/2025 05:44:02 [ERROR] Invalid checksum. url=/package-pool/VMware-Log-Insight-Agent-8.18.0-24019905.noarch.rpm, downloadchecksum=3ad71a5864cd55bdb3450dfa3febf387b33a501b, filechecksum=05100b72a82753df7940b70ca59587125c451cac
25/01/2025 05:44:02 [ERROR] Setting job error information. jobid=22, errorCode=9, errorString=Error during package download.  Please try again.
25/01/2025 05:44:02 [ERROR] Job <22> failed. Error code:9Error message: Error during package download.  Please try again.

This KB also provides an example multiple-hop scenario where we recommend files be verified after each transfer. Meaning from a workstation via VPN into a network, and then into a datastore or directly into the /data directory of an Aria Suite Lifecycle appliance.

Aria Suite Lifecycle 8.x

Step-by-Step Instructions for File Integrity Validation

Windows PowerShell

1. Open PowerShell:

Press Win + X and select "Windows PowerShell" or “Terminal”

2. Generate the file's hash:

Use the following commands to generate the file's respective checksums:

For MD5:

get-filehash C:\Path\To\Your\File -algorithm md5

or

certutil -hashfile C:\Path\To\Your\File md5

For SHA256:

get-filehash C:\Path\To\Your\File -algorithm sha256

or

certutil -hashfile C:\Path\To\Your\File sha256

3. Compare hash values:

You can now compare the output values with the ones published on the download portal.

PhotonOS or GNU/Linux

1. Open the terminal:

Access PhotonOS’s terminal via SSH or your GNU/Linux system’s terminal.

2. Generate the file's hash:

Use the following commands to generate the file's respective checksums:

For MD5:

md5sum /Path/To/Your/File

For SHA256:

sha256sum /Path/To/Your/File

3. Compare hash values:

You can now compare the output values with the ones published on the download portal.

Example Multiple-Hop Scenario:

Let’s assume you on a workstation connected into a remote network via a VPN, and transferring files from your workstation to a designated resource in the remote network, before finally transferring the file into a datastore or directly into the /data directory of an Aria Suite Lifecycle appliance.

1. First Hop – Download Portal to Workstation:

1. After downloading a file from the download portal, generate a hash (MD5 or SHA256) of the file on your workstation.
2. Compare this value to the one published on the download portal for the corresponding file, and confirm they match.
3. A match validates the file’s integrity before transferring it to a remote network. Transfer the file and proceed to the Second Hop.
4. A failure to match means the file was corrupted during download, so remove the file and attempt a new download from the download portal. Then repeat at step a).

2. Second Hop – Workstation VPN to Remote Network:

1. After the file is transferred to a remote network resource (e.g. designated file server or jump box), generate a hash (MD5 or SHA256) of the file on the remote network resource.
2. Compare this value to the previous validated hash, or the hash published on the download portal for the corresponding file and confirm the values match.
3. A match validates the file’s integrity before transferring it to a datastore or an Aria Suite Lifecycle Transfer the file, and proceed to the Third Hop.
4. A failure to match means the file was corrupted during transit, so remove the file from the remote network resource, and attempt a new transfer from the Workstation. Then repeat from step a).

3. Third Hop – Remote Network to Datastore or /data Directory:

1. Finally, after the file is transferred to a datastore or directly to the /data directory in an Aria Suite Lifecycle appliance, generate a hash (MD5 or SHA256) one more time in this final location.
2. Compare this value to the previous validated hash, or the hash published on the download portal for the corresponding file, and confirm the values match.
3. A match validates the file’s integrity throughout the various hops of your infrastructure. You may now proceed with the deployment or upgrade activity.
4. A failure to match means the file was corrupted during transit, so remove the file from the datastore or Aria Suite Lifecycle appliance, and attempt a new transfer from the remote network resource. Then repeat from step a).

By validating the integrity at each step, whether on workstations, remote network resources, datastores, or appliances, any potential file corruption can be traced to a specific hop. This enables easier troubleshooting, and ensures a seamless update, patch, or installation process.