This is an automated email from the ASF dual-hosted git repository. robbie pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/activemq-website.git
commit d896350ae0930d47dae73edd4c241b2ee5173631 Author: Robbie Gemmell <[email protected]> AuthorDate: Tue Sep 7 16:36:22 2021 +0100 ensure download and release pages include a consistent set of details for verifying downloaded files --- src/_includes/verify_download.md | 23 ++++++++++++++++++ src/_layouts/5x_release.md | 30 +----------------------- src/_nms_amqp_releases/apachenmsamqp-v181.md | 7 +++++- src/components/artemis/download/index.md | 8 ++++++- src/components/artemis/download/past_releases.md | 7 +++--- src/components/classic/download/index.md | 8 ++++++- 6 files changed, 47 insertions(+), 36 deletions(-) diff --git a/src/_includes/verify_download.md b/src/_includes/verify_download.md new file mode 100644 index 0000000..1de0a03 --- /dev/null +++ b/src/_includes/verify_download.md @@ -0,0 +1,23 @@ +It is essential that you verify the integrity of the downloaded files using the PGP signature or SHA checksum. + +The PGP signatures can be verified using PGP or GPG. Begin by following these steps: + +1. Download the [KEYS](https://downloads.apache.org/activemq/KEYS) file. +2. Download the .asc signature for the relevant distribution file. +3. Verify the signature using one the following sets of commands, depending on your use of PGP or GPG: + ``` + $ gpg --import KEYS + $ gpg --verify <file-name>.asc <file-name> + + $ pgpk -a KEYS + $ pgpv <file-name>.asc + + $ pgp -ka KEYS + $ pgp <file-name>.asc + ``` + +Alternatively you can \[also\] verify the SHA-512 checksum of the file. For example, using the `sha512sum` command: + +``` +$ sha512sum -c <file-name>.sha512 +``` diff --git a/src/_layouts/5x_release.md b/src/_layouts/5x_release.md index 38f62c5..61c7883 100644 --- a/src/_layouts/5x_release.md +++ b/src/_layouts/5x_release.md @@ -41,36 +41,8 @@ Unix/Linux/Cygwin Distribution|[apache-activemq-{{page.version}}-bin.tar.gz](htt Verify the Integrity of Downloads --------------------------------- -It is essential that you verify the integrity of the downloaded files using the PGP. The PGP signatures can be verified using PGP or GPG. Begin by following these steps: - -1. Download the [KEYS](https://downloads.apache.org/activemq/KEYS) -2. Download the asc signature file for the relevant distribution -3. Verify the signatures using the following commands, depending on your use of PGP or GPG: - ``` - $ pgpk -a KEYS - $ pgpv apache-activemq-<version>-bin.tar.gz.asc - ``` - or - ``` - $ pgp -ka KEYS - $ pgp apache-activemq-<version>-bin.tar.gz.asc - ``` - or - ``` - $ gpg --import KEYS - $ gpg --verify apache-activemq-<version>-bin.tar.gz.asc apache-activemq-<version>-bin.tar.gz - ``` - -(Where <version> is replaced with the actual version, e.g., 5.1.0, 5.2.0, etc.). - -You can also verify SHA512 hash using `sha512sum` command: +{% include verify_download.md %} -``` -$ sha512sum -c apache-activemq-<version>-bin.tar.gz.sha512 -apache-activemq-<version>-bin.tar.gz: OK -``` - -(Where <version> is replaced with the actual version, e.g., 5.1.0, 5.2.0, etc.). Getting the Binaries using Maven 3 ---------------------------------- diff --git a/src/_nms_amqp_releases/apachenmsamqp-v181.md b/src/_nms_amqp_releases/apachenmsamqp-v181.md index 21960b7..1bc1761 100644 --- a/src/_nms_amqp_releases/apachenmsamqp-v181.md +++ b/src/_nms_amqp_releases/apachenmsamqp-v181.md @@ -23,4 +23,9 @@ Changelog - AMQNET-622: Invoke IConnection event listeners on connection lost and on reconnect - AMQNET-633: Fix session creation when connection not started - AMQNET-634: Use 4 as default msg priority -- AMQNET-635: Update AMQPNetLite.Core to 2.4.0 version \ No newline at end of file +- AMQNET-635: Update AMQPNetLite.Core to 2.4.0 version + +Verify the Integrity of Downloads +--------------------------------- + +{% include verify_download.md %} diff --git a/src/components/artemis/download/index.md b/src/components/artemis/download/index.md index e9810df..d3a3cae 100644 --- a/src/components/artemis/download/index.md +++ b/src/components/artemis/download/index.md @@ -7,7 +7,7 @@ type: artemis This is the current ActiveMQ Artemis release. For prior releases, please see the <a href="past_releases">past releases</a> page. -The keys file for verifying these releases can be obtained <a href="https://downloads.apache.org/activemq/KEYS";>here</a>. +It is important to [verify the integrity](#verify-the-integrity-of-downloads) of the files you download. {% assign reversed_releases = site["artemis_releases"] | reverse %} {% assign latest_docs = true %} @@ -34,3 +34,9 @@ This is the current release of ActiveMQ Artemis Native, which is a sub component Source Distribution:|[apache-artemis-native-1.0.2-source-release.zip](https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis-native/1.0.2/activemq-artemis-native-1.0.2-source-release.zip&action=download)|[SHA512](https://downloads.apache.org/activemq/activemq-artemis-native/1.0.2/activemq-artemis-native-1.0.2-source-release.zip.sha512)|[GPG Signature](https://downloads.apache.org/activemq/activemq-artemis-native/1.0.2/activemq-artemis-native-1.0.2-source-release.zip.asc)| This is the native layer used by ActiveMQ Artemis for storage. The broker binary archives above already include a pre-compiled version of this component. +<br/> + +-------------------------------------- +#### Verify the Integrity of Downloads + +{% include verify_download.md %} diff --git a/src/components/artemis/download/past_releases.md b/src/components/artemis/download/past_releases.md index 46ee263..1ed2389 100644 --- a/src/components/artemis/download/past_releases.md +++ b/src/components/artemis/download/past_releases.md @@ -9,10 +9,10 @@ type: artemis These are older releases. To get the current release, please see the <a href="{{site.baseurl}}/components/artemis/download" class="alert-link">download page</a>. </div> -The keys file for verifying the release can be obtained [here](https://downloads.apache.org/activemq/KEYS). - For any releases not shown here, check the [archive](https://archive.apache.org/dist/activemq/activemq-artemis/). +It is important to [verify the integrity]({{site.baseurl}}/components/artemis/download#verify-the-integrity-of-downloads) of the files you download. + {% assign reversed_releases = site["artemis_releases"] | reverse %} {% assign current_releases = "" | split: ',' %} @@ -27,12 +27,11 @@ For any releases not shown here, check the [archive](https://archive.apache.org/ {% for release in reversed_releases %} {% unless current_releases contains release.version %} -<br/> {% include artemis_release.md release=release %} +<br/> {% endunless %} {% endfor %} -<br/> #### ActiveMQ Artemis 2.13.0 (May 26, 2020) [Release Notes](release-notes-2.13.0) | [Git Report](commit-report-2.13.0) | [Documentation](../documentation/2.13.0) diff --git a/src/components/classic/download/index.md b/src/components/classic/download/index.md index 1c4f43a..7bffbd2 100644 --- a/src/components/classic/download/index.md +++ b/src/components/classic/download/index.md @@ -7,6 +7,7 @@ type: activemq5 These are the current releases. For prior releases, please see the [past releases](../../../download-archives) page. +It is important to [verify the integrity](#verify-the-integrity-of-downloads) of the files you download. {% assign releases = site["5x_releases"] | reverse %} @@ -28,4 +29,9 @@ Source Code Distribution:|[activemq-parent-{{release.version}}-source-release.zi {% endfor %} {% endfor %} -The keys file for verifying the release can be obtained [here](https://downloads.apache.org/activemq/KEYS) +<br/> + +-------------------------------------- +#### Verify the Integrity of Downloads + +{% include verify_download.md %}
