Verify sha256sums of files inside tarball using hashfile

Is it possible to check the tarball's files sha256sums **without** first extracting to disk? I have this file: $ cat cathy.sha256 \SHA256 (atypical\nfilename) = ee8b2587b199594ac439b9464e14ea72429bf6998c4fbfa941c1cf89244c0b3e SHA256 (Documents/shopping list (old).txt) = 531ad778437bbec46c60ac4e3434bd1cab2834570e72cf1148db19e4c875ff50 I also have tarball (pax format) with this files inside: $ tar -tv --lzma -f cathy.tar.lzma drwxr-xr-x cathy/staff 0 2024-07-25 01:07 Documents/ -rw-r--r-- cathy/staff 758 2020-01-16 13:02 Documents/shopping list (old).txt -rw-r--r-- cathy/staff 16 2024-07-25 01:06 atypical\nfilename I tried this command but there are errors: $ tar -x --lzma -f cathy.tar.lzma --to-command='{ > printf '\''%s'\'' '\''^\\\?SHA256 ('\''; > printf '\''%s'\'' "$(sed --posix -zE '\''s/\n$//; s/\\/\\\\/g; s/\n/\\n/g; s/\r/\\r/g'\'' sed '\''s/[][\.*^$]/\\&/g'\''; > printf '\''%s'\'' '\'') = [0-9a-f]\{64\}$'\''; > } | grep -f- /path/to/cathy.sha256 | sha256sum -c -' /bin/sh: 3: Syntax error: redirection unexpected tar: 217238: Child returned status 2 /bin/sh: 3: Syntax error: redirection unexpected tar: 217239: Child returned status 2 tar: Exiting with failure status due to previous errors It must be able to handle line feeds (\n) carriage returns (\r) and backslashes (\\) in filenames, converting only those as needed to match the filenames sha256sum saves in .sha256 file (to explain the regex and printf). I expect filenames could contain all characters except NUL (\0) and forwardslash (/). ---- Putting the above --to-command code into script (undesired): $ cat tarHashHelper.sh #!/bin/bash { printf '%s' '^\\\?SHA256 ('; printf '%s' "$(sed --posix -zE 's/\n$//; s/\\/\\\\/g; s/\n/\\n/g; s/\r/\\r/g' <<< "${TAR_REALNAME}")" | sed 's/[][\.*^$]/\\&/g'; printf '%s' ') = [0-9a-f]\{64\}$'; } | grep -f- /path/to/cathy.sha256 | sha256sum -c - reads copies from disk instead (copies i had before): $ tar -x --lzma -f cathy.tar.lzma --to-command='/path/to/tarHashHelper.sh' Documents/shopping list (old).txt: OK \atypical\nfilename: OK and deleting them first gives different error: $ tar -x --lzma -f cathy.tar.lzma --to-command='/path/to/tarHashHelper.sh' sha256sum: 'Documents/shopping list (old).txt': No such file or directory Documents/shopping list (old).txt: FAILED open or read sha256sum: WARNING: 1 listed file could not be read tar: 217318: Child returned status 1 sha256sum: 'atypical'$'\n''filename': No such file or directory \atypical\nfilename: FAILED open or read sha256sum: WARNING: 1 listed file could not be read tar: 217327: Child returned status 1 tar: Exiting with failure status due to previous errors (still tries to read from disk and NOT from tarball. I want it to read from tarball)