Author: francischuang
Date: Wed Sep 19 23:42:31 2018
New Revision: 1841402
URL: http://svn.apache.org/viewvc?rev=1841402&view=rev
Log:
Update download pages to include instructions for verifying artifacts
Modified:
calcite/site/avatica/downloads/avatica-go.html
calcite/site/avatica/downloads/avatica.html
Modified: calcite/site/avatica/downloads/avatica-go.html
URL:
http://svn.apache.org/viewvc/calcite/site/avatica/downloads/avatica-go.html?rev=1841402&r1=1841401&r2=1841402&view=diff
==============================================================================
--- calcite/site/avatica/downloads/avatica-go.html (original)
+++ calcite/site/avatica/downloads/avatica-go.html Wed Sep 19 23:42:31 2018
@@ -119,12 +119,7 @@
</tbody>
</table>
-<p>Choose a source distribution in either <em>tar</em> or <em>zip</em> format,
-and <a href="http://www.apache.org/dyn/closer.cgi#verify";>verify</a>
-using the corresponding <em>pgp</em> signature (using the committer file in
-<a href="http://www.apache.org/dist/calcite/KEYS";>KEYS</a>).
-If you cannot do that, use the <em>sha256</em> hash file (<em>md5</em> in older
-releases) to check that the download has completed OK.</p>
+<p>Choose a source distribution in either <em>tar</em> or <em>zip</em>
format.</p>
<p>For fast downloads, current source distributions are hosted on mirror
servers;
older source distributions are in the
@@ -135,6 +130,32 @@ succeed.</p>
<p>For security, hash and signature files are always hosted at
<a href="https://www.apache.org/dist";>Apache</a>.</p>
+<h2 id="verify-the-integrity-of-the-files">Verify the integrity of the
files</h2>
+
+<p>You must verify the integrity of the downloaded file using the PGP
signature (.asc file) or a hash (.sha256, .md5 for older
+releases). For more information why this must be done, please read <a
href="https://www.apache.org/info/verification.html";>Verifying Apache Software
Foundation Releases</a>.</p>
+
+<p>To verify the signature using GPG or PGP, please do the following:</p>
+
+<ol>
+ <li>Download the release artifact and the corresponding PGP signature from
the table above.</li>
+ <li>Download the <a href="http://www.apache.org/dist/calcite/KEYS";>Apache
Calcite KEYS</a> file.</li>
+ <li>Import the KEYS file and verify the downloaded artifact using one of the
following methods:</li>
+</ol>
+
+<figure class="highlight"><pre><code class="language-shell"
data-lang="shell">% gpg <span class="nt">--import</span> KEYS
+% gpg <span class="nt">--verify</span> downloaded_file.asc
downloaded_file</code></pre></figure>
+
+<p>or</p>
+
+<figure class="highlight"><pre><code class="language-shell"
data-lang="shell">% pgpk <span class="nt">-a</span> KEYS
+% pgpv downloaded_file.asc</code></pre></figure>
+
+<p>or</p>
+
+<figure class="highlight"><pre><code class="language-shell"
data-lang="shell">% pgp <span class="nt">-ka</span> KEYS
+% pgp downloaded_file.asc</code></pre></figure>
+
</article>
</div>
Modified: calcite/site/avatica/downloads/avatica.html
URL:
http://svn.apache.org/viewvc/calcite/site/avatica/downloads/avatica.html?rev=1841402&r1=1841401&r2=1841402&view=diff
==============================================================================
--- calcite/site/avatica/downloads/avatica.html (original)
+++ calcite/site/avatica/downloads/avatica.html Wed Sep 19 23:42:31 2018
@@ -88,7 +88,7 @@
<p>Avatica is released as a source artifact, and also through Maven and Docker
Hub.</p>
-<h1 id="source-releases">Source releases</h1>
+<h2 id="source-releases">Source releases</h2>
<table>
<thead>
@@ -139,12 +139,7 @@
</tbody>
</table>
-<p>Choose a source distribution in either <em>tar</em> or <em>zip</em> format,
-and <a href="http://www.apache.org/dyn/closer.cgi#verify";>verify</a>
-using the corresponding <em>pgp</em> signature (using the committer file in
-<a href="http://www.apache.org/dist/calcite/KEYS";>KEYS</a>).
-If you cannot do that, use the <em>sha256</em> hash file (<em>md5</em> in older
-releases) to check that the download has completed OK.</p>
+<p>Choose a source distribution in either <em>tar</em> or <em>zip</em>
format.</p>
<p>For fast downloads, current source distributions are hosted on mirror
servers;
older source distributions are in the
@@ -155,7 +150,33 @@ succeed.</p>
<p>For security, hash and signature files are always hosted at
<a href="https://www.apache.org/dist";>Apache</a>.</p>
-<h1 id="maven-artifacts">Maven artifacts</h1>
+<h2 id="verify-the-integrity-of-the-files">Verify the integrity of the
files</h2>
+
+<p>You must verify the integrity of the downloaded file using the PGP
signature (.asc file) or a hash (.sha256, .md5 for older
+releases). For more information why this must be done, please read <a
href="https://www.apache.org/info/verification.html";>Verifying Apache Software
Foundation Releases</a>.</p>
+
+<p>To verify the signature using GPG or PGP, please do the following:</p>
+
+<ol>
+ <li>Download the release artifact and the corresponding PGP signature from
the table above.</li>
+ <li>Download the <a href="http://www.apache.org/dist/calcite/KEYS";>Apache
Calcite KEYS</a> file.</li>
+ <li>Import the KEYS file and verify the downloaded artifact using one of the
following methods:</li>
+</ol>
+
+<figure class="highlight"><pre><code class="language-shell"
data-lang="shell">% gpg <span class="nt">--import</span> KEYS
+% gpg <span class="nt">--verify</span> downloaded_file.asc
downloaded_file</code></pre></figure>
+
+<p>or</p>
+
+<figure class="highlight"><pre><code class="language-shell"
data-lang="shell">% pgpk <span class="nt">-a</span> KEYS
+% pgpv downloaded_file.asc</code></pre></figure>
+
+<p>or</p>
+
+<figure class="highlight"><pre><code class="language-shell"
data-lang="shell">% pgp <span class="nt">-ka</span> KEYS
+% pgp downloaded_file.asc</code></pre></figure>
+
+<h2 id="maven-artifacts">Maven artifacts</h2>
<p>Add the following to the dependencies section of your <code
class="highlighter-rouge">pom.xml</code> file:</p>
@@ -182,7 +203,7 @@ succeed.</p>
<span class="nt"></dependency></span>
<span class="nt"></dependencies></span></code></pre></figure>
-<h1 id="docker-images">Docker images</h1>
+<h2 id="docker-images">Docker images</h2>
<p>From release 1.10.0 onwards, Docker images for Avatica Server are available
at
<a href="https://hub.docker.com/r/apache/calcite-avatica";>Docker Hub</a>.</p>
