Added verify page for checksums and keys
Project: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/repo Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/commit/aa0f872c Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/tree/aa0f872c Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/diff/aa0f872c Branch: refs/heads/0.5.0 Commit: aa0f872c9f529c583a91ef1794e5f439d5d8ad52 Parents: d73bb31 Author: Andrew Kennedy <[email protected]> Authored: Fri Apr 19 13:40:25 2013 +0100 Committer: Andrew Kennedy <[email protected]> Committed: Fri Apr 19 17:12:40 2013 +0100 ---------------------------------------------------------------------- docs/meta/brooklyn-gpg-public-key.asc | 21 +++++++++++++ docs/meta/toc.json | 2 ++ docs/meta/verify.md | 47 ++++++++++++++++++++++++++++++ docs/start/download.md | 2 +- 4 files changed, 71 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/aa0f872c/docs/meta/brooklyn-gpg-public-key.asc ---------------------------------------------------------------------- diff --git a/docs/meta/brooklyn-gpg-public-key.asc b/docs/meta/brooklyn-gpg-public-key.asc new file mode 100644 index 0000000..3b515a4 --- /dev/null +++ b/docs/meta/brooklyn-gpg-public-key.asc @@ -0,0 +1,21 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG/MacGPG2 v2.0.18 (Darwin) +Comment: GPGTools - http://gpgtools.org + +mQENBFDsSLEBCAC2JxQHeXpL3oGN2IickcG9C49gkxIsws4hpasQModVipezrQi0 +9pLq4lkB01GgC2sfPH+XXE8rCpA9EL0e4wVA7JICz5AsLZAAJH91tKksL20tLMeU +Yrbufaq1ga7ifk3JWhF4iwvkDMBKyCjrF173nI+2TwX2XfNTQpzoQGOL1bNvS4NZ +AD9JeXGW2D996zHdSK+x3wVdY3cDECvVMuw61+5ytZrGNnyvaaWTl3lJUyydPXHQ +5TXVtbQH5WgYCLPr4E95axJ0BoY8H+fEaG1Uax1a+xLumVWhiWNp7rMvmgcZXuJO +fx+wXAIbRNlAHoJcdZ4NCReRxDIBQ+2HsU1zABEBAAG0bUJyb29rbHluIFByb2pl +Y3QgKGJyb29rbHluLmlvKSAoS2V5IHVzZWQgdG8gYXV0aGVudGljYXRlIEJyb29r +bHluIGFydGlmYWN0cykgPGJyb29rbHluLWRldkBncm91cHMuZ29vZ2xlLmNvbT6J +AT8EEwECACkFAlDsSLECGy8FCQeGH4AHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIX +gAAKCRANhinnSRLCsOdIB/4tUVShup2NHXJ9acCah8TuEN4GmN9dBiD9YsGW66SR +/ptY0Gn9XExl2wbmQW+7TQg3QUGv8uffwYLtnMwnmCp/WwgE+uSnRmcENxa9GuTu +PLlURKKGK0C9ljTAHwXtPcIYxPNN3BT4VB56ME1DTBRCgEvudaNSANs8/kT88kE2 +eMC7x0Uo3/P38Ob8XSOfR8c6G6nSz6jILcRBXZTPNNK4svyqF5XHIru65d3/0+mr +bpfcDLcUQYms0MpPmO1RCHLZWwJLsPUIxNwGGnKJc8/RNEvQinK+Ap0cf+PGUQSX +PhB6Z81ROFIVToEVZslgSiL+u4Tc7zXDfDQDY4HeLY2t +=w/CG +-----END PGP PUBLIC KEY BLOCK----- http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/aa0f872c/docs/meta/toc.json ---------------------------------------------------------------------- diff --git a/docs/meta/toc.json b/docs/meta/toc.json index 29c71a5..0e7a6e9 100644 --- a/docs/meta/toc.json +++ b/docs/meta/toc.json @@ -3,6 +3,8 @@ "file": "{{ site.url }}/meta/versions.html" }, { "title": "Governance", "file": "{{ site.url }}/meta/governance.html" }, +{ "title": "Verify", + "file": "{{ site.url }}/meta/verify.html" }, { "title": "Contact", "file": "{{ site.url }}/meta/contact.html" } ] http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/aa0f872c/docs/meta/verify.md ---------------------------------------------------------------------- diff --git a/docs/meta/verify.md b/docs/meta/verify.md new file mode 100644 index 0000000..faa97f5 --- /dev/null +++ b/docs/meta/verify.md @@ -0,0 +1,47 @@ +--- +layout: page +title: Verify the integrity of the files +toc: /toc.json +--- +{% include fields.md %} + +It is essential that you verify the integrity of the downloaded files using the PGP signatures or SHA-1 checksums. + +The PGP signatures can be verified using PGP or GPG. First download the [brooklyn-gpg-public-key.asc](brooklyn-gpg-public-key.asc) +file as well as the `.asc` PGP signature file for the relevant artefact. Make sure you get these files from the main +{% if SNAPSHOT %} +[Maven Central]({{ mavencentral_repo_groupid_url }}) +{% else %} +[Sonatype]({{ sonatype_repo_groupid_url }}) +{% endif %} +repository rather than from a mirror. Then verify the signatures using one of the following commands: + +``` +% pgpk -a brooklyn-gpg-public-key.asc +% pgpv brooklyn-{{ site.brooklyn-version }}-dist.tar.gz.asc +``` + +or + +``` +% pgp -ka brooklyn-gpg-public-key.asc +% pgp brooklyn-{{ site.brooklyn-version }}-dist.zip.asc +``` + +or + +``` +% gpg --import brooklyn-gpg-public-key.asc +% gpg --verify brooklyn-{{ site.brooklyn-version }}-dist.tar.gz.asc +``` + +You can also verify the SHA-1 checksum of the files. A program called `sha1` or `sha1sum` is included in +most Linux distributions and OSX. For Windows users, `fsum` supports SHA-1. Ensure your generated checksum +string matches the contents of the `.sha1` file for the relevant artefact, again making sure you get this +file from the main +{% if SNAPSHOT %} +[Maven Central]({{ mavencentral_repo_groupid_url }}) +{% else %} +[Sonatype]({{ sonatype_repo_groupid_url }}) +{% endif %} +repository, rather than from a mirror. http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/aa0f872c/docs/start/download.md ---------------------------------------------------------------------- diff --git a/docs/start/download.md b/docs/start/download.md index 6555fa3..b7c1ef0 100644 --- a/docs/start/download.md +++ b/docs/start/download.md @@ -13,7 +13,7 @@ First time user? The [getting started]({{ site.url }}/use/guide/quickstart/index <tr> <th style='text-align:left'>Download</th> <th style='text-align:left'>File/Format</th> - <th>checksums <small><a href="/meta/asc.html" title='Instructions on verifying the integrity of your downloads.'>(?)</a></small></th> + <th>checksums <small><a href="/meta/verify.html" title='Instructions on verifying the integrity of your downloads.'>(?)</a></small></th> </tr> <tr> <td style='text-align:left;vertical-align:top' rowspan='2'>Distro</td>
