It’s good for you to verify sha-1 checksum whenever you downloaded files from Google Code. By performing SHA-1 checksum verification, you will be able to tell if the file is orignal and it’s not being compromised. Of course, not all the website provide sha-1 checksum value, but they do provide, it’s good for us to perform the verification.
To verify a SHA-1 checksum in Mac OS X, follow the steps below:-
- Start your Terminal
- Enter the command below to generate the sha-1 checksum value:-
/usr/bin/openssl sha1 /path/to/test/file.dmg
- Once you enter the command above, your will see an output:-
- And now you match this value with the one that publish at the website. If both is the same then, the file is safe to be executed. If both the value is different, do not execute the file! The file might be changed by someone or compromised by hacker and you should notify the file owner to fix this.