Release file verification
You should verify downloaded release integrity and authentivity to ensure your file was not corrupted or modified.
Cryptographic hash functions are used to verify file integrity, i.e. to check it was not corrupted at download time.
VyOS uses SHA-1 sums.
Download file named "sha1sums" from your release directory.
Suppose you want to verify "vyos-1.0.2-i386.iso":
$ grep vyos-1.0.2-i386.iso ./sha1sums | sha1sum -c - vyos-1.0.2-i386.iso: OK
If your file is corrupted, you will get something like:
$ grep vyos-1.0.2-i386.iso ./sha1sums | sha1sum -c - vyos-1.0.2-i386.iso: FAILED sha1sum: WARNING: 1 computed checksum did NOT match
You also may verify all files in a directory at once:
sha1sum -c ./sha1sums
Mac OS X
Same to Linux, but the utility is called "shasum".
Use FCIV: http://support.microsoft.com/kb/841290. FCIV uses its own XML-based format for storing checksums, so you'll have to verify it visually or convert first.
Hash functions allow to verify your files was not corrupted during transmission, but not that it was not replaced along with the sums file (e.g. if download server was compromised). You need to use digital signatures for that.