Repository: calcite-avatica Updated Branches: refs/heads/master 6ce0d519c -> f67cc136c
[CALCITE-2574] Update download pages to include instructions for verifying a downloaded artifact Project: http://git-wip-us.apache.org/repos/asf/calcite-avatica/repo Commit: http://git-wip-us.apache.org/repos/asf/calcite-avatica/commit/f67cc136 Tree: http://git-wip-us.apache.org/repos/asf/calcite-avatica/tree/f67cc136 Diff: http://git-wip-us.apache.org/repos/asf/calcite-avatica/diff/f67cc136 Branch: refs/heads/master Commit: f67cc136c70f220b06d102d19c418a93417a4ee4 Parents: 6ce0d51 Author: Francis Chuang <[email protected]> Authored: Thu Sep 20 09:23:15 2018 +1000 Committer: Francis Chuang <[email protected]> Committed: Thu Sep 20 09:34:13 2018 +1000 ---------------------------------------------------------------------- site/downloads/avatica-go.md | 36 ++++++++++++++++++++++++++------ site/downloads/avatica.md | 44 ++++++++++++++++++++++++++++++--------- 2 files changed, 64 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/calcite-avatica/blob/f67cc136/site/downloads/avatica-go.md ---------------------------------------------------------------------- diff --git a/site/downloads/avatica-go.md b/site/downloads/avatica-go.md index c083e07..3c78f72 100644 --- a/site/downloads/avatica-go.md +++ b/site/downloads/avatica-go.md @@ -79,12 +79,7 @@ Release | Date | Commit | Download {% endcomment %} {% endfor %} -Choose a source distribution in either *tar* or *zip* format, -and [verify](http://www.apache.org/dyn/closer.cgi#verify) -using the corresponding *pgp* signature (using the committer file in -[KEYS](http://www.apache.org/dist/calcite/KEYS)). -If you cannot do that, use the *sha256* hash file (*md5* in older -releases) to check that the download has completed OK. +Choose a source distribution in either *tar* or *zip* format. For fast downloads, current source distributions are hosted on mirror servers; older source distributions are in the @@ -94,3 +89,32 @@ succeed. For security, hash and signature files are always hosted at [Apache](https://www.apache.org/dist). + +## Verify the integrity of the files + +You must verify the integrity of the downloaded file using the PGP signature (.asc file) or a hash (.sha256, .md5 for older +releases). For more information why this must be done, please read [Verifying Apache Software Foundation Releases](https://www.apache.org/info/verification.html). + +To verify the signature using GPG or PGP, please do the following: + +1. Download the release artifact and the corresponding PGP signature from the table above. +2. Download the [Apache Calcite KEYS](http://www.apache.org/dist/calcite/KEYS) file. +3. Import the KEYS file and verify the downloaded artifact using one of the following methods: +{% highlight shell %} +% gpg --import KEYS +% gpg --verify downloaded_file.asc downloaded_file +{% endhighlight %} + +or + +{% highlight shell %} +% pgpk -a KEYS +% pgpv downloaded_file.asc +{% endhighlight %} + +or + +{% highlight shell %} +% pgp -ka KEYS +% pgp downloaded_file.asc +{% endhighlight %} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/calcite-avatica/blob/f67cc136/site/downloads/avatica.md ---------------------------------------------------------------------- diff --git a/site/downloads/avatica.md b/site/downloads/avatica.md index 54d2972..c894315 100644 --- a/site/downloads/avatica.md +++ b/site/downloads/avatica.md @@ -25,7 +25,7 @@ limitations under the License. Avatica is released as a source artifact, and also through Maven and Docker Hub. -# Source releases +## Source releases Release | Date | Commit | Download :--------------- | :--------- | :------- | :------- @@ -73,12 +73,7 @@ Release | Date | Commit | Download {% endcomment %} {% endfor %} -Choose a source distribution in either *tar* or *zip* format, -and [verify](http://www.apache.org/dyn/closer.cgi#verify) -using the corresponding *pgp* signature (using the committer file in -[KEYS](http://www.apache.org/dist/calcite/KEYS)). -If you cannot do that, use the *sha256* hash file (*md5* in older -releases) to check that the download has completed OK. +Choose a source distribution in either *tar* or *zip* format. For fast downloads, current source distributions are hosted on mirror servers; older source distributions are in the @@ -89,7 +84,36 @@ succeed. For security, hash and signature files are always hosted at [Apache](https://www.apache.org/dist). -# Maven artifacts +## Verify the integrity of the files + +You must verify the integrity of the downloaded file using the PGP signature (.asc file) or a hash (.sha256, .md5 for older +releases). For more information why this must be done, please read [Verifying Apache Software Foundation Releases](https://www.apache.org/info/verification.html). + +To verify the signature using GPG or PGP, please do the following: + +1. Download the release artifact and the corresponding PGP signature from the table above. +2. Download the [Apache Calcite KEYS](http://www.apache.org/dist/calcite/KEYS) file. +3. Import the KEYS file and verify the downloaded artifact using one of the following methods: +{% highlight shell %} +% gpg --import KEYS +% gpg --verify downloaded_file.asc downloaded_file +{% endhighlight %} + +or + +{% highlight shell %} +% pgpk -a KEYS +% pgpv downloaded_file.asc +{% endhighlight %} + +or + +{% highlight shell %} +% pgp -ka KEYS +% pgp downloaded_file.asc +{% endhighlight %} + +## Maven artifacts Add the following to the dependencies section of your `pom.xml` file: @@ -124,7 +148,7 @@ As of Apache Calcite Avatica 1.9.0, the following un-shaded client artifact is a </dependencies> {% endhighlight %} -# Docker images +## Docker images From release 1.10.0 onwards, Docker images for Avatica Server are available at -[Docker Hub](https://hub.docker.com/r/apache/calcite-avatica). +[Docker Hub](https://hub.docker.com/r/apache/calcite-avatica). \ No newline at end of file
