How to download an ISO image with BitTorrent fast and safely from the command line

If you are one of those guys who have urge to try out every new (or even beta) release of Linux distribution to satisfy your curiosity and stay up-to-date, you will need to deal with the hassle of downloading big ISO images every now and then. ISO providers typically put up .torrent file of their ISO images to ease up on the bandwidth consumption of their servers. The benefit of peer-to-peer download is obvious for users as well (in terms of speed), especially when a new release of a popular Linux distribution is up for grab, and everyone is downloading and seeding the release at the same time.

Ubuntu 14.10 (Utopic Unicorn) was just released this week. So there should be plenty of seeds to download the release from in the BitTorrent network at the moment. While there are many GUI-based BitTorrent clients out there, I am going to show you how to download ISO images via a simple command-line interface (CLI) BitTorrent client, which can be handy if you are on a remote headless server. Later in this tutorial, I will also demonstrate how to verify the integrity of a downloaded ISO image.

The CLI BitTorrent client I am going to use today is transmission-cli. As you may know, Transmission is one of the most popular GUI-based BitTorrent client. transmission-cli is its stripped-down CLI version.

Install Transmission-cli on Linux

To install transmission-cli, you don't need to install a full-blown GUI-based Transmission, which is nice.

On Debian, Ubuntu or their derivatives:

$ sudo apt-get install transmission-cli

On Fedora:

$ sudo yum install transmission-cli

On CentOS or RHEL (after enabling EPEL repository):

$ sudo yum install transmission-cli

Download an ISO Image Fast with transmission-cli

transmission-cli is really simple to use. If you are too lazy to study its command line options, all you have to do is to download .torrent file, and launch the command with the torrent file. It will automatically look for available peers, and download an ISO file from them.

$ wget http://releases.ubuntu.com/14.10/ubuntu-14.10-desktop-amd64.iso.torrent
$ transmission-cli ubuntu-14.10-desktop-amd64.iso.torrent

Once an ISO image is fully downloaded, it will be stored in ~/Downloads directory by default. It took me only 5 minutes to download 1GB Ubuntu ISO image.

Once it finishes downloading an ISO image, you will see the message "State changed from Incomplete to Complete" in the console. Note that transmission-cli will continue to run afterwards, becoming a seed for other downloaders. Press Ctrl+C to quit.

Customize Download Options for Repeat Use

If you are a repeat user of transmission-cli, it may be worth your time to be familiar with some of its command line options.

The "-w /path/to/download-directory" option specifies the directory where a downloaded file will be saved.

The "-f /path/to/finish-script" option sets a script to run when current download is completed. Recall that transmission-cli, by default, continues running even after a file is fully downloaded. If you want to auto-terminate transmission-cli upon successful download, you can use this option. The following simple finish script will do.

#!/bin/sh
sleep 10
killall transmission-cli

If you want to allocate limited upload/download bandwidth to transmission-cli, you can use "-d <download-speed-in-KB/s> and "-u <upload-speed-in-KB/s> options. If you want to allow unlimited bandwidth instead, simply specify "-D" or "-U" option without any value.

Here is a more advanced usage example of transmission-cli. In this example, the CLI client will automatically exit upon successful download. Download rate is unlimited while upload rate is capped at 50KB/s.

$ transmission-cli -w ~/iso -D -u 50 -f ~/finish.sh ubuntu-14.10-desktop-amd64.iso.torrent

Verify the Integrity of a Downloaded ISO Image

When you download an ISO image, especially from many unknown peers in the BitTorrent network, it is always recommended to verify the integrity of the downloaded image.

In case of Ubuntu releases, Canonical provides several checksum files (e.g., MD5SUM, SHA1SUMS and SHA256SUMS) for verification purpose. Let's use SHA256SUMS in this example.

First, download the following two files.

$ wget http://releases.ubuntu.com/14.10/SHA256SUMS
$ wget http://releases.ubuntu.com/14.10/SHA256SUMS.gpg

The first file is a SHA256 checksum file for ISO images, while the second file (*.gpg) is a signature of the checksum file. The purpose of the second file is to verify the validity of the checksum file itself.

Let's verify the validity of SHA256SUMS file by running this command:

$ gpg --verify SHA256SUMS.gpg SHA256SUMS
gpg: Signature made Thu 23 Oct 2014 09:36:00 AM EDT using DSA key ID FBB75451
gpg: Can't check signature: public key not found

If you are getting the above error, this is because you have not imported the public key used to generate the signature. So now let's import the required public key.

To do that, you need to know the "key ID" of the public key, which is shown in the output of gpg command above. In this example, the key ID is "FBB75451". Run the following command to import the public key from the official Ubuntu keyserver.

$ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys FBB75451

Now that the public key has been imported, go ahead and re-run the previous command to verify the signature.

gpg --verify SHA256SUMS.gpg SHA256SUMS

This time you will not see "public key not found" error. If the SHA256SUMS file is valid, you will see "Good signature from <official source>" message. Note that you will also see a warning message saying that "This key is not certified with a trusted signature". Basically this warning message is telling you that you have not assigned any explicit trust to the imported public key. To avoid this warning, you could choose to assign your full trust to the imported public key, but you should do that only after the key has been fully vetted in some other means. Otherwise, you can ignore the warning for now.

After verifying the integrity of SHA256SUMS file, the final last step is to compare the SHA256 checksum of the downloade ISO image against the corresponding checksum value in SHA256SUMS file. For that you can use sha256sum command line tool.

For your convenience, the following one-liner compares the SHA256 checksums and reports the result.

$ sha256sum -c <(grep ubuntu-14.10-desktop-amd64.iso SHA256SUMS)
ubuntu-14.10-desktop-amd64.iso: OK

If you see the above output, that means that two checksum values match. So the integrity of the downloaded ISO image has been successfully verified.

Subscribe to Xmodulo

Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.


Support Xmodulo

Did you find this tutorial helpful? Then please be generous and support Xmodulo!

The following two tabs change content below.
Dan Nanni is the founder and also a regular contributor of Xmodulo.com. He is a Linux/FOSS enthusiast who loves to get his hands dirty with his Linux box. He likes to procrastinate when he is supposed to be busy and productive. When he is otherwise free, he likes to watch movies and shop for the coolest gadgets.

4 thoughts on “How to download an ISO image with BitTorrent fast and safely from the command line

  1. I'd like to see a similar article about rtorrent. I run it within tmux in my server but what about intermittent use on your desktop?

    • For rtorrent:

      $ sudo apt-get install rtorrent (on Debian/Ubuntu)
      $ sudo yum install rtorrent (wih RPMforge on CentOS/RHEL)
      $ rtorrent ubuntu-14.10-desktop-amd64.iso.torrent

      For desktop use, I still prefer CLI version. :-) If not, Transmission GUI is available as GTK+ (transmission-gtk) or Qt (transmission-qt) version.

  2. What's wrong with using aria2c which has been around for ages and handles all sorts of file links? From it's man page:

    aria2 is a utility for downloading files. The supported protocols are HTTP(S), FTP, BitTorrent, and Metalink. aria2 can download a file from
    multiple sources/protocols and tries to utilize your maximum download bandwidth. It supports downloading a file from HTTP(S)/FTP and BitTorrent
    at the same time, while the data downloaded from HTTP(S)/FTP is uploaded to the BitTorrent swarm. Using Metalink's chunk checksums, aria2 automatically validates chunks of data while downloading a file like BitTorrent.

    • Sure that's yet another BT client. At the end of the day, it comes down to your personal choice. Typically dedicated BT clients such as Transmission or rtorrent are more sophisticated in terms of peer-to-peer features than generic downloaders such as aria2. If you are perfectly fine with aria2, no one says it's wrong to use it. :-)

Leave a comment

Your email address will not be published. Required fields are marked *