Posted to commits@archiva.apache.org by ws...@apache.org on 2009/12/18 23:34:17 UTC

svn commit: r892389 - /archiva/site/src/site/apt/download.apt

Author: wsmoak
Date: Fri Dec 18 22:34:17 2009
New Revision: 892389

URL: http://svn.apache.org/viewvc?rev=892389&view=rev
Log:
[MRM-1297] Add information about how to verify the integrity of downloaded files.

Modified:
    archiva/site/src/site/apt/download.apt

Modified: archiva/site/src/site/apt/download.apt
URL: http://svn.apache.org/viewvc/archiva/site/src/site/apt/download.apt?rev=892389&r1=892388&r2=892389&view=diff
==============================================================================
--- archiva/site/src/site/apt/download.apt (original)
+++ archiva/site/src/site/apt/download.apt Fri Dec 18 22:34:17 2009
@@ -70,3 +70,34 @@
 
   More releases are available in the {{{http://archive.apache.org/dist/archiva/binaries/} Apache Archiva Archives}}
   or prior to the graduation from Maven, in the {{{http://archive.apache.org/dist/maven/binaries/} Apache Maven Archives}}.
+
+* Verify the integrity of the files
+
+ We recommend that you verify the integrity of the downloaded files using the PGP signatures and MD5 checksums.
+
+ The PGP signatures can be verified using PGP or GPG. First download the {{{http://www.apache.org/dist/archiva/KEYS}KEYS}}
+ as well as the asc signature file for the particular distribution. Make sure you get these files from
+ {{{http://www.apache.org/dist/archiva}the main distribution directory}},
+ rather than from a mirror. Then verify the signatures using
+
+
+ % pgpk -a KEYS
+
+ % pgpv ${filename}.tar.gz.asc
+
+ or
+
+ % pgp -ka KEYS
+
+ % pgp ${filename}.tar.gz.asc
+
+ or
+
+ % gpg --import KEYS
+
+ % gpg --verify ${filename}.tar.gz.asc
+
+ You can also verify the MD5 signature on the files. A Unix program called md5 or md5sum is included in many
+ Unix distributions. It is also available as part of {{{http://www.gnu.org/software/coreutils/}GNU Coreutils}}.
+ Windows users can get binary md5 programs from {{{http://www.fourmilab.ch/md5/}Fourmilab}},
+ {{{http://www.pc-tools.net/win32/freeware/console}PC-Tools}} or {{{http://www.slavasoft.com/fsum/}SlavaSoft}}.
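Review bot: the closing paragraph says "verify the MD5 signature", but MD5 here is a checksum, as the intro sentence already calls it. The text should say that the checksum only detects a corrupted download, while the PGP signature is what establishes authenticity. Unlike the PGP steps, this paragraph also gives no command and does not say where the .md5 file is found. Separately, the KEYS and "main distribution directory" links are plain http://, so the advice to avoid mirrors does not protect the key file in transit; link them over https:// if the host offers it, or tell readers to confirm key fingerprints through another channel. The command lines under "Then verify the signatures using" are indented like ordinary paragraphs; an APT verbatim block would keep them from being reflowed.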