Windows: use certutil.exe to validate files.

In Windows builds, I was checking for the existence of md5sum.exe, and if present, I used it for verifying downloaded files. However, this is not a standard utility that comes built into Windows 10. I found there is a standard utility certutil.exe that can calculate md5, sha256, etc, checksums. However, it does not verify files created by the Linux utilities md5sum, sha256sum, etc. So I created a batch file checksum.bat that invokes certutil.exe to process one of those listing files. Reworked run.bat to call checksum.bat instead of using md5sum.exe.
2026-05-19 06:17:03 -04:00 · 2022-01-19 17:49:10 -05:00
parent ab9b5a5ce5
commit c668ea81e5
2 changed files with 107 additions and 13 deletions
--- a/generate/checksum.bat
+++ b/generate/checksum.bat
@@ -0,0 +1,94 @@
+@echo off
+setlocal EnableDelayedExpansion
+REM -------------------------------------------------------------------------
+REM    checksum.bat - by Don Cross / cosinekitty@gmail.com
+REM
+REM    A wrapper around the standard Windows certutil.exe utility
+REM    that allows verifying checkum listings produced by the
+REM    Linux utilities sha256sum, md5sum, ....
+REM -------------------------------------------------------------------------
+
+if "%1" == "" goto usage
+if "%2" == "" goto usage
+if not "%3" == "" goto usage
+set hashfunc=%1
+set textfile=%2
+
+set certutil=
+for %%x in (certutil.exe) do (set certutil=%%~$PATH:x)
+if not defined certutil (
+    echo ERROR: could not find certutil.exe
+    exit /b 2
+)
+
+if not exist !textfile! (
+    echo.ERROR - textfile "!textfile!" does not exist.
+    exit /b 2
+)
+
+set /a failcount = 0
+for /f "tokens=1,2" %%a in (!textfile!) do (
+    if not exist %%b (
+        echo.ERROR - File does not exist: %%b
+        set /a failcount += 1
+    ) else (
+        certutil.exe -hashfile %%b !hashfunc! > checksum.tmp
+        if errorlevel 1 (
+            type checksum.tmp
+            echo.ERROR - unexpected error !ErrorLevel! returned by certutil.exe.
+            exit /b 2
+        )
+
+        set /a lnum = 0
+        set sum=
+        for /f %%x in (checksum.tmp) do (
+            set /a lnum += 1
+            if !lnum! == 2 (
+                set sum=%%x
+            )
+        )
+        if not defined sum (
+            echo.ERROR - missing checksum in certutil.exe output for file %%b
+            exit /b 2
+        )
+        if !sum! == %%a (
+            echo.%%b : OK
+        ) else (
+            type checksum.tmp
+            echo.expected   checksum = %%a
+            echo.calculated checksum = !sum!
+            echo.%%b : FAILURE
+            set /a failcount += 1
+        )
+    )
+)
+if exist checksum.tmp (del checksum.tmp)
+
+if !failcount! gtr 0 (
+    echo.ERROR - !failcount! checksum failures
+    exit /b 1
+)
+
+echo.SUCCESS
+exit /b 0
+
+REM -------------------------------------------------------------------------
+:usage
+echo.checksum.bat by Don Cross - https://github.com/cosinekitty/astronomy
+echo.
+echo.USAGE: checksum.bat hashfunc textfile
+echo.
+echo.where
+echo.
+echo.hashfunc = sha256, md5, ...
+echo.textfile = text file produced by Linux sha256sum, md5sum, ...
+echo.
+echo.Processes the lines of text inside textfile, and verifies
+echo.the checksums inside each.
+echo.
+echo.Return code:
+echo.0 = all checksums verified correctly
+echo.1 = at least one checksum failure
+echo.2 = some other error (see printed output)
+echo.
+exit /b 2
--- a/generate/run.bat
+++ b/generate/run.bat
@@ -1,13 +1,13 @@
@echo off
 setlocal EnableDelayedExpansion

-call :Download https://github.com/cosinekitty/ephemeris/raw/master/lnxp1600p2200.405 lnxp1600p2200.405 ephemeris.md5
+call :Download https://github.com/cosinekitty/ephemeris/raw/master/lnxp1600p2200.405 lnxp1600p2200.405 ephemeris.sha256
 if errorlevel 1 (exit /b 1)

-call :Download https://github.com/cosinekitty/ephemeris/raw/master/top2013/TOP2013.dat TOP2013.dat top2013.md5
+call :Download https://github.com/cosinekitty/ephemeris/raw/master/top2013/TOP2013.dat TOP2013.dat top2013.sha256
 if errorlevel 1 (exit /b 1)

-call :Download https://raw.githubusercontent.com/astronexus/HYG-Database/master/hygdata_v3.csv hygdata_v3.csv hygdata_v3.md5
+call :Download https://raw.githubusercontent.com/astronexus/HYG-Database/master/hygdata_v3.csv hygdata_v3.csv hygdata_v3.sha256
 if errorlevel 1 (exit /b 1)

 set FASTMODE=true
@@ -239,10 +239,9 @@ REM     A special download process helps keep the repo size reasonable.
    setlocal
    for %%x in (wget.exe) do (set wgetexe=%%~$PATH:x)
    for %%x in (curl.exe) do (set curlexe=%%~$PATH:x)
-    for %%x in (md5sum.exe) do (set md5exe=%%~$PATH:x)
    set EPHURL=%1
    set EPHFILE=%2
-    set MD5FILE=%3
+    set SHAFILE=%3
    if not exist !EPHFILE! (
        echo.
        echo.Local file not found: !EPHFILE!
@@ -273,14 +272,15 @@ REM     A special download process helps keep the repo size reasonable.
    )

    :verify_eph
-    if defined md5exe (
-        echo.Using !md5exe! to test integrity of downloaded !EPHFILE!
-        "!md5exe!" -c !MD5FILE!
-        if errorlevel 1 (
-            echo.Corrupt ephemeris file !EPHFILE! detected.
-            if exist !EPHFILE! (del !EPHFILE!)
-            exit /b 1
-        )
+    echo.Using checksum.bat to test integrity of downloaded !EPHFILE!
+    call checksum.bat sha256 !SHAFILE!
+    if errorlevel 2 (
+        echo.Error verifying checksum for !EPHFILE!.
+        exit /b 1
+    ) else if errorlevel 1 (
+        echo.Corrupt ephemeris file !EPHFILE! detected.
+        if exist !EPHFILE! (del !EPHFILE!)
+        exit /b 1
    )
    exit /b 0