You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by db...@apache.org on 2021/10/27 00:44:16 UTC
[geode-site] branch master updated: Update verification
instructions: SHA256 replaces MD5
This is an automated email from the ASF dual-hosted git repository.
dbarnes pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/geode-site.git
The following commit(s) were added to refs/heads/master by this push:
new 77881b4 Update verification instructions: SHA256 replaces MD5
77881b4 is described below
commit 77881b412d028d256d4397fcc6df1994f724283e
Author: Dave Barnes <db...@apache.org>
AuthorDate: Tue Oct 26 17:44:02 2021 -0700
Update verification instructions: SHA256 replaces MD5
---
website/content/releases/index.html | 42 +++++++++++++++++++++++--------------
1 file changed, 26 insertions(+), 16 deletions(-)
diff --git a/website/content/releases/index.html b/website/content/releases/index.html
index 9b2408c..57b01c0 100644
--- a/website/content/releases/index.html
+++ b/website/content/releases/index.html
@@ -218,28 +218,38 @@ dependencies {
<p>
The PGP signatures can be verified using PGP or GPG. First download the <a href="https://downloads.apache.org/geode/KEYS">KEYS</a> as well as the <em>asc signature</em> file for the particular distribution. Then verify the signatures using:
</p>
- <p>
+ <p style="margin-left:5%"><tt>
% pgpk -a KEYS
- </br></br>
- % pgpv ${filename}.tar.gz.asc
- </br></br>
+ </br>
+ % pgpv ${filename}.tar.gz.asc</tt>
+ </p>
+ <p>
or
- </br></br>
+ <p style="margin-left:5%"><tt>
% pgp -ka KEYS
- </br></br>
- % pgp ${filename}.tar.gz.asc
- </br></br>
+ </br>
+ % pgp ${filename}.tar.gz.asc</tt>
+ <p>
or
- </br></br>
+ <p style="margin-left:5%"><tt>
% gpg --import KEYS
- </br></br>
- % gpg --verify ${filename}.tar.gz.asc
- </br></br>
+ </br>
+ % gpg --verify ${filename}.tar.gz.asc</tt>
</p>
- <p>
- Alternatively, you can verify the MD5 signature on the files. A Unix program called md5 or md5sum is included in many Unix distributions.
- It is also available as part of <a href="http://www.gnu.org/software/textutils/textutils.html">GNU Textutils</a>.
- Windows users can get binary md5 programs from <a href="http://www.fourmilab.ch/md5/">Fourmilab.ch</a>, <a href="http://www.pc-tools.net/win32/md5sums/">PC-Tools.Net</a>, or <a href="http://www.slavasoft.com/fsum/">SlavaSoft.com</a>.
+ <p>
+ Alternatively, you can verify the SHA256 checksum on the files. A program called <tt>sha256sum</tt>
+ or <tt>shasum -a 256</tt> is included in most Linux distributions:
+ </p>
+ <p style="margin-left:5%"><tt>sha256sum --check ${filename}.tgz.sha256</tt>
+ </p>
+ <p>
+ Windows users can use the built-in CertUtil:
+ </p>
+ <p style="margin-left:5%"><tt>CertUtil -hashfile ${filename}.tgz SHA256</tt>
+ </p>
+ <p>or PowerShell command:</p>
+ <p style="margin-left:5%"><tt>Get-FileHash ${filename}.tgz -Algorithm SHA256 | Format-List</tt>
+ </p>
<p>
If you want to build directly from source, see the BUILDING.md file in the top-level source directory.
</p>