You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2021/04/21 13:09:36 UTC

[syncope] branch master updated: Fix release verification section by referring to http://www.apache.org/info/verification.html

This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
     new af7c242  Fix release verification section by referring to http://www.apache.org/info/verification.html
af7c242 is described below

commit af7c2426c835ebd6cf7e4e018211aa2e870b3af6
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Wed Apr 21 13:17:53 2021 +0200

    Fix release verification section by referring to http://www.apache.org/info/verification.html
---
 .../systemadministration/setadmincredentials.adoc   | 21 +++------------------
 src/site/xdoc/downloads.xml                         | 12 +-----------
 2 files changed, 4 insertions(+), 29 deletions(-)

diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/setadmincredentials.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/setadmincredentials.adoc
index 0ba8718..7a77099 100644
--- a/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/setadmincredentials.adoc
+++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/setadmincredentials.adoc
@@ -28,12 +28,9 @@ The credentials are defined in the `security.properties` file; text encoding mus
 * `adminPasswordAlgorithm` - algorithm to be used for hash evaluation (default `SHA1`, others as
 `SHA256`, `SHA512`, `SMD5`, `SSHA1`, `SSHA256`, `SSHA512` and `BCRYPT` are supported)
 
-[TIP]
+.Generate SHA1 password value on GNU / Linux
 ====
-The hashed password value can be obtained, depending on the actual algorithm, via various tools.
-
-As an example, for `SHA1` and GNU / Linux and Mac OS X, the `sha1sum` command-line tool of
-http://www.gnu.org/software/coreutils/[GNU Core Utilities^] can be used as follows:
+The `sha1sum` command-line tool of http://www.gnu.org/software/coreutils/[GNU Core Utilities^] can be used as follows:
 [source,bash]
 ....
 echo -n "new_password" | sha1sum
@@ -41,21 +38,9 @@ echo -n "new_password" | sha1sum
 
 Please beware that any shell special character must be properly escaped for the command above to produce the expected
 hashed value.
-
-Again about `SHA1`, for MS Windows some options are available:
-
-* http://support.microsoft.com/kb/841290[MS File Checksum Integrity Verifier^] +
-install, save your password to a file (e.g. `password.txt` without EOL) and issue at command line: +
-[source,bash]
-....
-fciv.exe -sha1 password.txt
-....
-* http://gnuwin32.sourceforge.net/[GnuWin32^] port of GNU utilities for MS Windows
-* http://www.cygwin.com/[Cygwin^] Unix-like environment and command-line interface for Microsoft Windows (featuring
-http://www.gnu.org/software/coreutils/[GNU Core Utilities^])
 ====
 
-.Generate SSHA256 password value with common GNU / Linux tools
+.Generate SSHA256 password value on GNU / Linux
 ====
 ....
 $ python3 pySSHA/ssha.py -p password -enc sha256 -s 666ac543 \
diff --git a/src/site/xdoc/downloads.xml b/src/site/xdoc/downloads.xml
index 1748880..6c69518 100644
--- a/src/site/xdoc/downloads.xml
+++ b/src/site/xdoc/downloads.xml
@@ -275,17 +275,7 @@ under the License.
     </section>
     
     <section name="Verifying Releases">
-      <p>When downloading from a mirror please check the SHA512 checksums as well as verifying the OpenPGP compatible
-        signature available from the main Apache site.
-        The <a href="https://downloads.apache.org/syncope/KEYS">KEYS</a> file contains the public keys used for signing the
-        release. It is recommended that a web of trust is used to confirm the identity of these keys.</p>
-
-      <p>You can check the OpenPGP signature with GnuPG via:</p>
-      <source><![CDATA[gpg --import KEYS
-gpg --verify *syncope*.asc]]></source>
-      
-      <p>You can check the SHA512 checksum with:</p>
-      <source><![CDATA[sha512sum --check *syncope*.sha512]]></source>
+      <p>You can verify your download by following these <a href="http://www.apache.org/info/verification.html">procedures</a> and using these <a href="https://www.apache.org/dist/syncope/KEYS">KEYS</a>.</p>
     </section>
   </body>
 </document>