(airflow) branch v3-1-test updated: [v3-1-test] Add checksum verification to Apache RAT downloading in release instructions (#60841) (#60862)

shahar Tue, 20 Jan 2026 23:50:20 -0800

This is an automated email from the ASF dual-hosted git repository.

shahar pushed a commit to branch v3-1-test
in repository https://gitbox.apache.org/repos/asf/airflow.git



The following commit(s) were added to refs/heads/v3-1-test by this push:
     new cb6e72359df [v3-1-test] Add checksum verification to Apache RAT 
downloading in release instructions (#60841) (#60862)
cb6e72359df is described below

commit cb6e72359df7160f9cbf831fee85abd167a9af8f
Author: github-actions[bot] 
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Wed Jan 21 09:50:07 2026 +0200

    [v3-1-test] Add checksum verification to Apache RAT downloading in release 
instructions (#60841) (#60862)
    
    (cherry picked from commit db9368bb75b625afae60e6bc5bba456795039b4c)
    
    Co-authored-by: Shahar Epstein <[email protected]>
---
 dev/README_RELEASE_AIRFLOW.md       |  7 +++++--
 dev/README_RELEASE_AIRFLOWCTL.md    |  7 +++++--
 dev/README_RELEASE_HELM_CHART.md    | 11 ++++++++---
 dev/README_RELEASE_PROVIDERS.md     |  7 +++++--
 dev/README_RELEASE_PYTHON_CLIENT.md |  7 +++++--
 5 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/dev/README_RELEASE_AIRFLOW.md b/dev/README_RELEASE_AIRFLOW.md
index d1fecd192c9..3f3bf2849c1 100644
--- a/dev/README_RELEASE_AIRFLOW.md
+++ b/dev/README_RELEASE_AIRFLOW.md
@@ -744,10 +744,13 @@ This can be done with the Apache RAT tool.
 
 Download the latest jar from https://creadur.apache.org/rat/download_rat.cgi 
(unpack the binary, the jar is inside)
 
-You can run this command to do it for you:
+You can run this command to do it for you (including checksum verification for 
your own security):
 
 ```shell script
-wget -qO- 
https://dlcdn.apache.org//creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz | 
gunzip | tar -C /tmp -xvf -
+# Checksum value is taken from 
https://downloads.apache.org/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz.sha512
+wget -q 
https://dlcdn.apache.org//creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz -O 
/tmp/apache-rat-0.17-bin.tar.gz
+echo 
"32848673dc4fb639c33ad85172dfa9d7a4441a0144e407771c9f7eb6a9a0b7a9b557b9722af968500fae84a6e60775449d538e36e342f786f20945b1645294a0
  /tmp/apache-rat-0.17-bin.tar.gz" | sha512sum -c -
+tar -xzf /tmp/apache-rat-0.17-bin.tar.gz -C /tmp
 ```
 
 Unpack the release source archive (the `<package + version>-source.tar.gz` 
file) to a folder
diff --git a/dev/README_RELEASE_AIRFLOWCTL.md b/dev/README_RELEASE_AIRFLOWCTL.md
index 330ec311930..51592a6d398 100644
--- a/dev/README_RELEASE_AIRFLOWCTL.md
+++ b/dev/README_RELEASE_AIRFLOWCTL.md
@@ -545,10 +545,13 @@ This can be done with the Apache RAT tool.
 
 Download the latest jar from https://creadur.apache.org/rat/download_rat.cgi 
(unpack the binary, the jar is inside)
 
-You can run this command to do it for you:
+You can run this command to do it for you (including checksum verification for 
your own security):
 
 ```shell script
-wget -qO- 
https://dlcdn.apache.org//creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz | 
gunzip | tar -C /tmp -xvf -
+# Checksum value is taken from 
https://downloads.apache.org/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz.sha512
+wget -q 
https://dlcdn.apache.org//creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz -O 
/tmp/apache-rat-0.17-bin.tar.gz
+echo 
"32848673dc4fb639c33ad85172dfa9d7a4441a0144e407771c9f7eb6a9a0b7a9b557b9722af968500fae84a6e60775449d538e36e342f786f20945b1645294a0
  /tmp/apache-rat-0.17-bin.tar.gz" | sha512sum -c -
+tar -xzf /tmp/apache-rat-0.17-bin.tar.gz -C /tmp
 ```
 
 Unpack the release source archive (the `<package + version>-source.tar.gz` 
file) to a folder
diff --git a/dev/README_RELEASE_HELM_CHART.md b/dev/README_RELEASE_HELM_CHART.md
index 081e0a0cae4..1933236005d 100644
--- a/dev/README_RELEASE_HELM_CHART.md
+++ b/dev/README_RELEASE_HELM_CHART.md
@@ -524,10 +524,15 @@ cd 
${SVN_REPO_ROOT}/dev/airflow/helm-chart/${VERSION}${VERSION_SUFFIX}
 
 ## Licence check
 
-This can be done with the Apache RAT tool.
+You can run this command to do it for you (including checksum verification for 
your own security):
+
+```shell script
+# Checksum value is taken from 
https://downloads.apache.org/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz.sha512
+wget -q 
https://dlcdn.apache.org//creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz -O 
/tmp/apache-rat-0.17-bin.tar.gz
+echo 
"32848673dc4fb639c33ad85172dfa9d7a4441a0144e407771c9f7eb6a9a0b7a9b557b9722af968500fae84a6e60775449d538e36e342f786f20945b1645294a0
  /tmp/apache-rat-0.17-bin.tar.gz" | sha512sum -c -
+tar -xzf /tmp/apache-rat-0.17-bin.tar.gz -C /tmp
+```
 
-* Download the latest jar from https://creadur.apache.org/rat/download_rat.cgi 
(unpack the binary,
-  the jar is inside)
 * Unpack the release source archive (the `<package + version>-source.tar.gz` 
file) to a folder
 * Enter the sources folder run the check
 
diff --git a/dev/README_RELEASE_PROVIDERS.md b/dev/README_RELEASE_PROVIDERS.md
index 93881270719..3ed579fd4d9 100644
--- a/dev/README_RELEASE_PROVIDERS.md
+++ b/dev/README_RELEASE_PROVIDERS.md
@@ -948,10 +948,13 @@ This can be done with the Apache RAT tool.
 
 Download the latest jar from https://creadur.apache.org/rat/download_rat.cgi 
(unpack the binary, the jar is inside)
 
-You can run this command to do it for you:
+You can run this command to do it for you (including checksum verification for 
your own security):
 
 ```shell script
-wget -qO- 
https://dlcdn.apache.org//creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz | 
gunzip | tar -C /tmp -xvf -
+# Checksum value is taken from 
https://downloads.apache.org/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz.sha512
+wget -q 
https://dlcdn.apache.org//creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz -O 
/tmp/apache-rat-0.17-bin.tar.gz
+echo 
"32848673dc4fb639c33ad85172dfa9d7a4441a0144e407771c9f7eb6a9a0b7a9b557b9722af968500fae84a6e60775449d538e36e342f786f20945b1645294a0
  /tmp/apache-rat-0.17-bin.tar.gz" | sha512sum -c -
+tar -xzf /tmp/apache-rat-0.17-bin.tar.gz -C /tmp
 ```
 
 Unpack the release source archive (the `<package + version>-source.tar.gz` 
file) to a folder
diff --git a/dev/README_RELEASE_PYTHON_CLIENT.md 
b/dev/README_RELEASE_PYTHON_CLIENT.md
index 016fabfab44..70a0bc00ae9 100644
--- a/dev/README_RELEASE_PYTHON_CLIENT.md
+++ b/dev/README_RELEASE_PYTHON_CLIENT.md
@@ -443,10 +443,13 @@ This can be done with the Apache RAT tool.
 
 Download the latest jar from https://creadur.apache.org/rat/download_rat.cgi 
(unpack the binary, the jar is inside)
 
-You can run this command to do it for you:
+You can run this command to do it for you (including checksum verification for 
your own security):
 
 ```shell script
-wget -qO- 
https://dlcdn.apache.org//creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz | 
gunzip | tar -C /tmp -xvf -
+# Checksum value is taken from 
https://downloads.apache.org/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz.sha512
+wget -q 
https://dlcdn.apache.org//creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz -O 
/tmp/apache-rat-0.17-bin.tar.gz
+echo 
"32848673dc4fb639c33ad85172dfa9d7a4441a0144e407771c9f7eb6a9a0b7a9b557b9722af968500fae84a6e60775449d538e36e342f786f20945b1645294a0
  /tmp/apache-rat-0.17-bin.tar.gz" | sha512sum -c -
+tar -xzf /tmp/apache-rat-0.17-bin.tar.gz -C /tmp
 ```
 
 Unpack the release source archive (the `<package + version>-source.tar.gz` 
file) to a folder

(airflow) branch v3-1-test updated: [v3-1-test] Add checksum verification to Apache RAT downloading in release instructions (#60841) (#60862)

Reply via email to