apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-12-19 12:03:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
cloudstack/docs/tmp/en-US/html/sect-source-verify.html

30 lines
5.2 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2. Verifying the downloaded release</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Apache_CloudStack-Installation_Guide-4.0.0-incubating-en-US-1-" /><link rel="home" href="index.html" title="CloudStack Installation Guide" /><link rel="up" href="sect-source.html" title="Chapter 3. Building from Source" /><link rel="prev" href="sect-source-gettingrelease.html" title="3.1. Getting the release" /><link rel="next" href="sect-source-prereq.html" title="3.3. Prerequisites for building Apache CloudStack" /></head><body><p id="title"><a class="left" href="http://cloudstack.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.cloudstack.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-source-gettingrelease.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-source-prereq.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-source-verify" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-source-verify">3.2. Verifying the downloaded release</h2></div></div></div><div class="para">
There are a number of mechanisms to check the authenticity and validity of a downloaded release.
</div><div class="section" id="sect-source-verify-keys"><div class="titlepage"><div><div><h3 class="title" id="sect-source-verify-keys">3.2.1. Getting the KEYS</h3></div></div></div><div class="para">
To enable you to verify the GPG signature, you will need to download the <a href="http://www.apache.org/dist/dev/incubator/cloudstack/KEYS">KEYS</a> file.
</div><div class="para">
You next need to import those keys, which you can do by running the following command:
<pre class="programlisting"><code class="prompt">#</code> <code class="command">gpg</code> --import KEYS</pre>
</div></div><div class="section" id="sect-source-verify-gpg"><div class="titlepage"><div><div><h3 class="title" id="sect-source-verify-gpg">3.2.2. GPG</h3></div></div></div><div class="para">
The CloudStack project provides a detached GPG signature of the release. To check the signature, run the following command:
<pre class="programlisting"><code class="prompt">$</code> <code class="command">gpg</code> --verify apache-cloudstack-4.0.0-incubating-src.tar.bz2.asc</pre>
</div><div class="para">
If the signature is valid you will see a line of output that contains 'Good signature'.
</div></div><div class="section" id="sect-source-verify-md5"><div class="titlepage"><div><div><h3 class="title" id="sect-source-verify-md5">3.2.3. MD5</h3></div></div></div><div class="para">
In addition to the cryptographic signature, the CloudStack provides a number of cryptographic hashes to aid in assurance of validity of the downloaded release. You can verify this hash by executing the following command:
<pre class="programlisting"><code class="prompt">$</code> <code class="command">gpg</code> --print-md MD5 apache-cloudstack-4.0.0-incubating-src.tar.bz2 | <code class="command">diff</code> - apache-cloudstack-4.0.0-incubating-src.tar.bz2.md5</pre>
</div><div class="para">
If this successfully completes you should see no output. If there is any output from them, then there is a difference between the hash you generated locally and the hash that has been pulled from the server.
</div></div><div class="section" id="sect-source-verify-sha512"><div class="titlepage"><div><div><h3 class="title" id="sect-source-verify-sha512">3.2.4. SHA512</h3></div></div></div><div class="para">
In addition to the MD5 hash, the CloudStack project provides a SHA512 cryptographic hash to aid in assurance of the validity of the downloaded release. You can verify this hash by executing the following command:
<pre class="programlisting"><code class="prompt">$</code> <code class="command">gpg</code> --print-md SHA512 apache-cloudstack-4.0.0-incubating-src.tar.bz2 | <code class="command">diff</code> - apache-cloudstack-4.0.0-incubating-src.tar.bz2.sha</pre>
</div><div class="para">
If this command successfully completes you should see no output. If there is any output from them, then there is a difference between the hash you generated locally and the hash that has been pulled from the server.
</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-source-gettingrelease.html"><strong>Prev</strong>3.1. Getting the release</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-source-prereq.html"><strong>Next</strong>3.3. Prerequisites for building Apache CloudStack</a></li></ul></body></html>
Reference in New Issue View Git Blame Copy Permalink