Author: francischuang Date: Wed Sep 19 23:42:31 2018 New Revision: 1841402 URL: http://svn.apache.org/viewvc?rev=1841402&view=rev Log: Update download pages to include instructions for verifying artifacts
Modified: calcite/site/avatica/downloads/avatica-go.html calcite/site/avatica/downloads/avatica.html Modified: calcite/site/avatica/downloads/avatica-go.html URL: http://svn.apache.org/viewvc/calcite/site/avatica/downloads/avatica-go.html?rev=1841402&r1=1841401&r2=1841402&view=diff ============================================================================== --- calcite/site/avatica/downloads/avatica-go.html (original) +++ calcite/site/avatica/downloads/avatica-go.html Wed Sep 19 23:42:31 2018 @@ -119,12 +119,7 @@ </tbody> </table> -<p>Choose a source distribution in either <em>tar</em> or <em>zip</em> format, -and <a href="http://www.apache.org/dyn/closer.cgi#verify">verify</a> -using the corresponding <em>pgp</em> signature (using the committer file in -<a href="http://www.apache.org/dist/calcite/KEYS">KEYS</a>). -If you cannot do that, use the <em>sha256</em> hash file (<em>md5</em> in older -releases) to check that the download has completed OK.</p> +<p>Choose a source distribution in either <em>tar</em> or <em>zip</em> format.</p> <p>For fast downloads, current source distributions are hosted on mirror servers; older source distributions are in the @@ -135,6 +130,32 @@ succeed.</p> <p>For security, hash and signature files are always hosted at <a href="https://www.apache.org/dist">Apache</a>.</p> +<h2 id="verify-the-integrity-of-the-files">Verify the integrity of the files</h2> + +<p>You must verify the integrity of the downloaded file using the PGP signature (.asc file) or a hash (.sha256, .md5 for older +releases). For more information why this must be done, please read <a href="https://www.apache.org/info/verification.html">Verifying Apache Software Foundation Releases</a>.</p> + +<p>To verify the signature using GPG or PGP, please do the following:</p> + +<ol> + <li>Download the release artifact and the corresponding PGP signature from the table above.</li> + <li>Download the <a href="http://www.apache.org/dist/calcite/KEYS">Apache Calcite KEYS</a> file.</li> + <li>Import the KEYS file and verify the downloaded artifact using one of the following methods:</li> +</ol> + +<figure class="highlight"><pre><code class="language-shell" data-lang="shell">% gpg <span class="nt">--import</span> KEYS +% gpg <span class="nt">--verify</span> downloaded_file.asc downloaded_file</code></pre></figure> + +<p>or</p> + +<figure class="highlight"><pre><code class="language-shell" data-lang="shell">% pgpk <span class="nt">-a</span> KEYS +% pgpv downloaded_file.asc</code></pre></figure> + +<p>or</p> + +<figure class="highlight"><pre><code class="language-shell" data-lang="shell">% pgp <span class="nt">-ka</span> KEYS +% pgp downloaded_file.asc</code></pre></figure> + </article> </div> Modified: calcite/site/avatica/downloads/avatica.html URL: http://svn.apache.org/viewvc/calcite/site/avatica/downloads/avatica.html?rev=1841402&r1=1841401&r2=1841402&view=diff ============================================================================== --- calcite/site/avatica/downloads/avatica.html (original) +++ calcite/site/avatica/downloads/avatica.html Wed Sep 19 23:42:31 2018 @@ -88,7 +88,7 @@ <p>Avatica is released as a source artifact, and also through Maven and Docker Hub.</p> -<h1 id="source-releases">Source releases</h1> +<h2 id="source-releases">Source releases</h2> <table> <thead> @@ -139,12 +139,7 @@ </tbody> </table> -<p>Choose a source distribution in either <em>tar</em> or <em>zip</em> format, -and <a href="http://www.apache.org/dyn/closer.cgi#verify">verify</a> -using the corresponding <em>pgp</em> signature (using the committer file in -<a href="http://www.apache.org/dist/calcite/KEYS">KEYS</a>). -If you cannot do that, use the <em>sha256</em> hash file (<em>md5</em> in older -releases) to check that the download has completed OK.</p> +<p>Choose a source distribution in either <em>tar</em> or <em>zip</em> format.</p> <p>For fast downloads, current source distributions are hosted on mirror servers; older source distributions are in the @@ -155,7 +150,33 @@ succeed.</p> <p>For security, hash and signature files are always hosted at <a href="https://www.apache.org/dist">Apache</a>.</p> -<h1 id="maven-artifacts">Maven artifacts</h1> +<h2 id="verify-the-integrity-of-the-files">Verify the integrity of the files</h2> + +<p>You must verify the integrity of the downloaded file using the PGP signature (.asc file) or a hash (.sha256, .md5 for older +releases). For more information why this must be done, please read <a href="https://www.apache.org/info/verification.html">Verifying Apache Software Foundation Releases</a>.</p> + +<p>To verify the signature using GPG or PGP, please do the following:</p> + +<ol> + <li>Download the release artifact and the corresponding PGP signature from the table above.</li> + <li>Download the <a href="http://www.apache.org/dist/calcite/KEYS">Apache Calcite KEYS</a> file.</li> + <li>Import the KEYS file and verify the downloaded artifact using one of the following methods:</li> +</ol> + +<figure class="highlight"><pre><code class="language-shell" data-lang="shell">% gpg <span class="nt">--import</span> KEYS +% gpg <span class="nt">--verify</span> downloaded_file.asc downloaded_file</code></pre></figure> + +<p>or</p> + +<figure class="highlight"><pre><code class="language-shell" data-lang="shell">% pgpk <span class="nt">-a</span> KEYS +% pgpv downloaded_file.asc</code></pre></figure> + +<p>or</p> + +<figure class="highlight"><pre><code class="language-shell" data-lang="shell">% pgp <span class="nt">-ka</span> KEYS +% pgp downloaded_file.asc</code></pre></figure> + +<h2 id="maven-artifacts">Maven artifacts</h2> <p>Add the following to the dependencies section of your <code class="highlighter-rouge">pom.xml</code> file:</p> @@ -182,7 +203,7 @@ succeed.</p> <span class="nt"></dependency></span> <span class="nt"></dependencies></span></code></pre></figure> -<h1 id="docker-images">Docker images</h1> +<h2 id="docker-images">Docker images</h2> <p>From release 1.10.0 onwards, Docker images for Avatica Server are available at <a href="https://hub.docker.com/r/apache/calcite-avatica">Docker Hub</a>.</p>