>From the recommended release page: https://subversion.apache.org/download.cgi#recommended-release
The Checksum (SHA512) file: https://www.apache.org/dist/subversion/subversion-1.10.2.tar.bz2.sha512 Contains: ccbe860ec93a198745e40620cb7e005a85797e344a99ddbc0e24c32ad846976eae35cf5b3d62ba5751b998f0d40bbebbba72f484d92c92693bbb2112c989b129 In order to check the hash of the file using a command like this: sha512sum --check subversion-1.10.2.tar.bz2.sha512 Shouldn't the format of that file (subversion-1.10.2.tar.bz2.sha512) be something like this: ccbe860ec93a198745e40620cb7e005a85797e344a99ddbc0e24c32ad846976eae35cf5b3d62ba5751b998f0d40bbebbba72f484d92c92693bbb2112c989b129 subversion-1.10.2.tar.bz2 That is, it should contain the hash AND the file name. Given the current situation, can anyone think of a shell script blurb to download the files then verify with the hash? Normally, I would do it with something like this: #!/usr/bin/env bash FILE=subversion-1.10.2.tar.bz2 if [ ! -f $FILE ]; then echo "Fetching $FILE" wget http://www-eu.apache.org/dist/subversion/subversion-1.10.2.tar.bz2 fi FILE=subversion-1.10.2.tar.bz2.sha512 if [ ! -f $FILE ]; then echo "Fetching $FILE" wget https://www.apache.org/dist/subversion/subversion-1.10.2.tar.bz2.sha512 fi sha512sum --check subversion-1.10.2.tar.bz2.sha512 || exit 1 # and the script continues...