You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ja...@apache.org on 2018/07/11 10:06:45 UTC
couchdb-www git commit: better instructions
Repository: couchdb-www
Updated Branches:
refs/heads/asf-site 297e789bd -> fc07de36e
better instructions
Project: http://git-wip-us.apache.org/repos/asf/couchdb-www/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-www/commit/fc07de36
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-www/tree/fc07de36
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-www/diff/fc07de36
Branch: refs/heads/asf-site
Commit: fc07de36eb87586c254f0841fb4fa35c89c4d3b6
Parents: 297e789
Author: Jan Lehnardt <ja...@apache.org>
Authored: Wed Jul 11 11:01:10 2018 +0200
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Wed Jul 11 11:01:10 2018 +0200
----------------------------------------------------------------------
index.html | 4 ++--
verify-downloads.txt | 11 +++++++++++
2 files changed, 13 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-www/blob/fc07de36/index.html
----------------------------------------------------------------------
diff --git a/index.html b/index.html
index 1b3a69d..436993c 100644
--- a/index.html
+++ b/index.html
@@ -619,7 +619,7 @@ Thanks to Yohei Shimomae and the Apache Cordova team for the original design.
</li>
</ul>
<div>
- All source tarballs and release binaries are signed with <a href="https://www.apache.org/dist/couchdb/KEYS">one of these GPG keys</a>. You can verify a release by importing the key file and running <code>gpg --verify /path/to/downloaded/file.asc</code>
+ <a href="verify-downloads.txt">Instructions for verifying downloads.</a>
</div>
</div>
@@ -687,7 +687,7 @@ Thanks to Yohei Shimomae and the Apache Cordova team for the original design.
<div>
- All source tarballs and release binaries are signed with <a href="https://www.apache.org/dist/couchdb/KEYS">one of these GPG keys</a>. You can verify a release by importing the key file and running <code>gpg --verify /path/to/downloaded/file.asc</code>
+ <a href="verify-downloads.txt">Instructions for verifying downloads.</a>
</div>
</div>
http://git-wip-us.apache.org/repos/asf/couchdb-www/blob/fc07de36/verify-downloads.txt
----------------------------------------------------------------------
diff --git a/verify-downloads.txt b/verify-downloads.txt
new file mode 100644
index 0000000..10b1ae1
--- /dev/null
+++ b/verify-downloads.txt
@@ -0,0 +1,11 @@
+All source tarballs and release binaries are signed with one of these GPG keys: https://www.apache.org/dist/couchdb/KEYS
+
+You can verify a release by importing the key file and running:
+
+ gpg --import KEYS
+ gpg --verify /path/to/downloaded/file.asc
+
+In addition, we produce hashes for the download files with sha256 and sha512. You can validate those hashes:
+
+ shasum -n 256 /path/to/downloaded/file.sha256
+ shasum -n 512 /path/to/downloaded/file.sha512