This is an automated email from the ASF dual-hosted git repository.
weibin pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-graphar-website.git
The following commit(s) were added to refs/heads/main by this push:
new 395ef44 Add download page (#16)
395ef44 is described below
commit 395ef449720af08cf426df0c63dec69f30848642
Author: Weibin Zeng <[email protected]>
AuthorDate: Fri Apr 26 11:45:18 2024 +0800
Add download page (#16)
Signed-off-by: acezen <[email protected]>
---
docusaurus.config.ts | 1 +
src/pages/download.md | 38 ++++++++++++++++++++++++++++++++++++++
2 files changed, 39 insertions(+)
diff --git a/docusaurus.config.ts b/docusaurus.config.ts
index cc6c56d..94b86ef 100644
--- a/docusaurus.config.ts
+++ b/docusaurus.config.ts
@@ -127,6 +127,7 @@ const config: Config = {
},
]
},
+ { to: '/download', label: 'Download', position: 'right' },
{ to: '/blog', label: 'Blog', position: 'right' },
{
type: 'dropdown',
diff --git a/src/pages/download.md b/src/pages/download.md
new file mode 100644
index 0000000..70fcefe
--- /dev/null
+++ b/src/pages/download.md
@@ -0,0 +1,38 @@
+# Apache GraphAr(incubating) Downloads
+
+The official Apache GraphAr (incubating) releases are provided as source
artifacts.
+
+## Releases
+
+Apache GraphAr (Incubating) hasn't made a release since joining the Apache
Incubator.
+
+## Notes
+
+* When downloading a release, please verify the OpenPGP compatible signature
(or failing that, check the SHA-512); these should be fetched from the main
Apache site.
+* The KEYS file contains the public keys used for signing release. It is
recommended that (when possible) a web of trust is used to confirm the identity
of these keys.
+* Please download the [KEYS](https://downloads.apache.org/graphar/KEYS) as
well as the .asc signature files.
+
+### To verify the signature of the release artifact
+
+You will need to download both the release artifact and the .asc signature
file for that artifact. Then verify the signature by:
+
+* Download the KEYS file and the .asc signature files for the relevant release
artifacts.
+* Import the KEYS file to your GPG keyring:
+
+ ```shell
+ gpg --import KEYS
+ ```
+
+* Verify the signature of the release artifact using the following command:
+
+ ```shell
+ gpg --verify <artifact>.asc <artifact>
+ ```
+
+### To verify the checksum of the release artifact
+
+You will need to download both the release artifact and the .sha512 checksum
file for that artifact. Then verify the checksum by:
+
+```shell
+shasum -a 512 -c <artifact>.sha512
+```
\ No newline at end of file
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
