Skip to content
Latchkey

sha256sum: Usage, Options & Common CI Errors

sha256sum produces a SHA-256 digest and verifies downloads against a known checksum.

sha256sum is the standard integrity gate for downloaded tools in CI. The verify mode (-c) is the important part, and its strict checksum-file format causes most failures.

What it does

sha256sum prints the SHA-256 hash of each file in the format "<hash> <filename>" (two spaces), and with -c reads such a file and reports whether each listed file still matches.

Common usage

Terminal
sha256sum file.tar.gz
sha256sum file.tar.gz > file.sha256
sha256sum -c file.sha256                 # verify (exit non-zero on mismatch)
echo "<expected>  file.tar.gz" | sha256sum -c -
sha256sum -c --ignore-missing sums.txt

Options

FlagWhat it does
-c / --checkVerify files against a checksum list
--ignore-missingDo not fail on listed files that are absent
--quietPrint only failures
--statusNo output; rely on exit code
-b / --binaryRead in binary mode

Common errors in CI

file.tar.gz: FAILED / "sha256sum: WARNING: 1 computed checksum did NOT match" means the file differs from the expected hash - a corrupted/partial download or the wrong file; re-download. "no properly formatted SHA256 checksum lines found" means the checksum file format is off - it needs exactly two spaces (or a space+asterisk for binary) between hash and name. On macOS the tool is shasum -a 256, not sha256sum.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →