sha256sum: Usage, Options & Common CI Errors
sha256sum produces a SHA-256 digest and verifies downloads against a known checksum.
sha256sum is the standard integrity gate for downloaded tools in CI. The verify mode (-c) is the important part, and its strict checksum-file format causes most failures.
What it does
sha256sum prints the SHA-256 hash of each file in the format "<hash> <filename>" (two spaces), and with -c reads such a file and reports whether each listed file still matches.
Common usage
sha256sum file.tar.gz
sha256sum file.tar.gz > file.sha256
sha256sum -c file.sha256 # verify (exit non-zero on mismatch)
echo "<expected> file.tar.gz" | sha256sum -c -
sha256sum -c --ignore-missing sums.txtOptions
| Flag | What it does |
|---|---|
| -c / --check | Verify files against a checksum list |
| --ignore-missing | Do not fail on listed files that are absent |
| --quiet | Print only failures |
| --status | No output; rely on exit code |
| -b / --binary | Read in binary mode |
Common errors in CI
file.tar.gz: FAILED / "sha256sum: WARNING: 1 computed checksum did NOT match" means the file differs from the expected hash - a corrupted/partial download or the wrong file; re-download. "no properly formatted SHA256 checksum lines found" means the checksum file format is off - it needs exactly two spaces (or a space+asterisk for binary) between hash and name. On macOS the tool is shasum -a 256, not sha256sum.