Valium is a download validator which adds some security for those of us who are too lazy to hash and verify our downloads manually.

Valium runs in the background and monitors your download directories. When you download a new file, it hashes it and checks to see if the file was downloaded correctly and without tampering, and notifies you of the result.

This is a basic initial release. It's not that useful until we build up a bigger database of known hashes.
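The check described above (hash the new file, compare it with a database of known hashes, report the result), as an added Python example that is not Valium's own code. SHA-256, the database keyed by file name, and the names check_download, sha256_file, KNOWN_HASHES and PARTIAL_SUFFIXES are assumptions; the sample files are constructed.

```python
import hashlib
import os
import tempfile

# Constructed sample database: file name -> expected SHA-256 hex digest.
# SHA-256 and keying by file name are assumptions, not Valium's schema.
KNOWN_HASHES = {
    "example-installer.dmg": hashlib.sha256(b"genuine installer bytes").hexdigest(),
}
# Suffixes browsers give in-progress downloads; hashing one yields a false mismatch.
PARTIAL_SUFFIXES = (".crdownload", ".part", ".download")

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large download is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_download(path, known=KNOWN_HASHES):
    """Return (verdict, digest); verdict is pending, unknown, verified or mismatch."""
    name = os.path.basename(path)
    if name.endswith(PARTIAL_SUFFIXES):
        return "pending", None          # browser has not finished writing the file
    actual = sha256_file(path)
    expected = known.get(name)
    if expected is None:
        return "unknown", actual        # no entry: neither good nor bad
    verdict = "verified" if actual == expected.lower() else "mismatch"
    return verdict, actual

def demo():
    """Check four constructed files and return their verdicts in order."""
    cases = [
        ("example-installer.dmg", b"genuine installer bytes"),
        ("example-installer.dmg", b"genuine installer bytes, altered"),
        ("unlisted-tool.zip", b"not in the database"),
        ("big-image.iso.part", b"still downloading"),
    ]
    verdicts = []
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in cases:
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            verdicts.append(check_download(path)[0])
    return verdicts

if __name__ == "__main__":
    print(demo())
```

An unknown verdict only means the database has no entry for that name; it says nothing about the file itself, and a verified verdict is only as trustworthy as the source of the database.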

Improvements and feedback (good and bad) welcome! My email address is and my first name is "daniel".

Security Model

There's a bunch of detail at

Installing & Running It

Valium should run on OS X, Windows, and Linux, but I've only tested it and built a package for OS X.

Valium requires Growl on OS X. If you don't have Growl, install the most recent version from the 1.2 series, which is the last free one, or submit a patch to use the native notification instead. I started on this but was having trouble.

Download the OS X app from the downloads page, unzip it, move it to your Applications folder, and double-click it. It should show up near the clock at the top right of the screen. It doesn't yet run itself automatically at startup, so you have to launch it each time you restart.

Hacking on It

Using the system python and probably not being able to build a .app bundle:

brew install pyqt
PYTHONPATH=/usr/local/lib/python2.7/site-packages:$PYTHONPATH python

Using brew's python and being able to build the .app bundle:

brew uninstall pyqt sip # if you'd previously installed them, just in case they're tied to the system python
brew install python pyqt # this'll reinstall pyqt and sip
# Make the brew python take precedence over system python:
sudo nano /etc/paths # move /usr/local/bin above /usr/bin
# Alternatively you can adjust your PATH in bashrc or bash_profile
# Launch a new terminal window or tab so it kicks in
pip install virtualenv virtualenvwrapper
# Edit bashrc or bash_profile to add these 3 lines:
export WORKON_HOME=$HOME/.virtualenvs
source /usr/local/share/python/
export PATH=/usr/local/share/python:${PATH} # "pip install virtualenv" puts it here instead of /usr/local/bin
# Launch a new terminal so this kicks in
mkvirtualenv valium --system-site-packages
workon valium
pip install py2app pyobjc-core pyobjc-framework-Cocoa fabric
./ # to run it,
fab test # to run the test, or
fab build # to build the .app bundle

To Do

  • auto-updates - Chrome, Firefox, and Windows have shown that this is the right way to do updates; just do the right thing and let people focus on work
  • make itself run at boot
  • server to post/check files not in local db
  • add feedback menu
  • add version number to menu
  • add a nice OS X drag-to-Applications installer