# Verifying MySQL Package Integrity

MySQLMySQLi Database

Let us understand how to verify the package integrity of MySQL −

Once the MySQl package that suits the user’s requirements has been downloaded, it has to be installed. Before installation, it is to be ensured that the package is intact and hasn’t been tampered with.

## Check Integrity of package

There are three ways in which the integrity of the package can be checked. They have been listed below.

• MD5 checksums

• Cryptographic signatures with the help of GnuPG, which is the GNU Privacy Guard

• For RPM packages, the built-in PRM integrity verification mechanism

Let us understand the MD5 checksum method of checking the integrity of the package.

## MD5 Checksum

Of the MD5 checksum or the GPG signatures don’t match, the user should try downloading the respective package again, from a mirror site.

Once the package has been downloaded, ensure that its MD5 checksum matches the one which has been provided on the MySQL download page. Every package has an individual checksum which can be verified against the package that was downloaded by the user.

Every operating system and setup has its own version of tools to check the MD5 checksum. In general, the name of the command is ‘md5sum’ or ‘md5’, but some operating systems don’t have this at all.

On Linux, this checksum is present as a part of the GNU Text Utilities package, and this is available on a wide range of platforms.

If OpenSSL has been installed, the command ‘openssl md5 package_name’ can be used.

The windows implementation of md5 command line utility can be found herehttp:// www.fourmilab.ch/md5/

The ‘winMd5Sum’ is a graphical MD5 checking tool that can be found here http://www.nullriver.com/index/products/winmd5sum

Let us see the Windows and Linux equivalents of this MD5 checksum −

shell> md5sum mysql−standard−8.0.25−linux−i686.tar.gz
aaab65abbec64d5e907dcd41b8699945 mysql−standard−8.0.25−linux−i686.tar.gz
shell> md5.exe mysql−installer−community−8.0.25.msi
aaab65abbec64d5e907dcd41b8699945 mysql−installer−community−8.0.25.msi

The user needs to verify that the resultant checksum, which is a string of hexadecimal digits matches the one that has been shown on the download page immediately below the specific package. Ensure that the checksum of the archive file (such as .zip, .tar.gz, .msi) is verified, and not that of the files present inside the archive. Basically, verify the file before extracting the contents from inside it.

Published on 08-Mar-2021 11:41:33