This article outlines how to use Windows PowerShell or a GNU/Linux terminal to validate the integrity of files with MD5 or SHA256 checksums.
In VMware and PhotonOS environments, ensuring that files maintain integrity as they pass through each hop of your infrastructure is essential for preventing data loss or corruption, especially when managing key resources like patches, product support packs (PSPs), upgrade repository ISO files, and OVAs for new installations. This is particularly important when using Aria Suite Lifecycle 8.x to manage the deployment and upgrade of other Aria Suite products.
Validating file integrity prevents issues such as incomplete or corrupted updates, which can result in system instability or failed installations. For example, you might see a log entry like:
25/01/2025 05:44:02 [INFO] package UPDATE VERSION: vro-migrate noarch (none) 8.18.0.1717756088 24015865 /package-pool/vro-migrate-8.18.0.1717756088-24015865.noarch.rpm rpm 6387 31cf00acc8204b32302f7a0d23607c628b714d7e
25/01/2025 05:44:02 [INFO] Downloading file. URL: https://<fqdn>/vra/8.18.0/upgrade/update/package-pool/VMware-Log-Insight-Agent-8.18.0-24019905.noarch.rpm
25/01/2025 05:44:02 [ERROR] Invalid checksum. url=/package-pool/VMware-Log-Insight-Agent-8.18.0-24019905.noarch.rpm, downloadchecksum=3ad71a5864cd55bdb3450dfa3febf387b33a501b, filechecksum=05100b72a82753df7940b70ca59587125c451cac
25/01/2025 05:44:02 [ERROR] Setting job error information. jobid=22, errorCode=9, errorString=Error during package download. Please try again.
25/01/2025 05:44:02 [ERROR] Job <22> failed. Error code:9Error message: Error during package download. Please try again.
This KB also provides an example multiple-hop scenario where we recommend files be verified after each transfer. Meaning from a workstation via VPN into a network, and then into a datastore or directly into the /data
directory of an Aria Suite Lifecycle appliance.
Aria Suite Lifecycle 8.x
Step-by-Step Instructions for File Integrity Validation
Windows PowerShell
1. Open PowerShell:
Press Win + X and select "Windows PowerShell" or “Terminal”
2. Generate the file's hash:
Use the following commands to generate the file's respective checksums:
For MD5:
get-filehash C:\Path\To\Your\File -algorithm md5
or
certutil -hashfile C:\Path\To\Your\File md5
For SHA256:
get-filehash C:\Path\To\Your\File -algorithm sha256
or
certutil -hashfile C:\Path\To\Your\File sha256
3. Compare hash values:
You can now compare the output values with the ones published on the download portal.
PhotonOS or GNU/Linux
1. Open the terminal:
Access PhotonOS’s terminal via SSH or your GNU/Linux system’s terminal.
2. Generate the file's hash:
Use the following commands to generate the file's respective checksums:
For MD5:
md5sum /Path/To/Your/File
For SHA256:
sha256sum /Path/To/Your/File
3. Compare hash values:
You can now compare the output values with the ones published on the download portal.
Example Multiple-Hop Scenario:
Let’s assume you on a workstation connected into a remote network via a VPN, and transferring files from your workstation to a designated resource in the remote network, before finally transferring the file into a datastore or directly into the /data
directory of an Aria Suite Lifecycle appliance.
1. First Hop – Download Portal to Workstation:
2. Second Hop – Workstation VPN to Remote Network:
3. Third Hop – Remote Network to Datastore or /data Directory:
/data
directory in an Aria Suite Lifecycle appliance, generate a hash (MD5 or SHA256) one more time in this final location.By validating the integrity at each step, whether on workstations, remote network resources, datastores, or appliances, any potential file corruption can be traced to a specific hop. This enables easier troubleshooting, and ensures a seamless update, patch, or installation process.