This is an automated email from the ASF dual-hosted git repository.
vy pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/logging-site.git
The following commit(s) were added to refs/heads/main by this push:
new 6c98a1a5 Improve release verification instructions
(apache/logging-log4j2#3099)
6c98a1a5 is described below
commit 6c98a1a5d01c84206a1d19b2b02e8a32fd85c81b
Author: Volkan Yazıcı <[email protected]>
AuthorDate: Thu Oct 17 10:00:47 2024 +0200
Improve release verification instructions (apache/logging-log4j2#3099)
---
download.adoc | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/download.adoc b/download.adoc
index 8a2dd8c8..dda2de58 100644
--- a/download.adoc
+++ b/download.adoc
@@ -40,7 +40,7 @@ Java distribution channels::
== Verification
All Logging Services release distributions are digitally signed by the release
manager and provided with checksum files.
-You can verify a distribution by following the below shared instructions:
+You can verify a distribution by following the below shared Linux/macOS
instructions:
[source,bash]
----
@@ -48,12 +48,21 @@ You can verify a distribution by following the below shared
instructions:
wget -O - https://downloads.apache.org/logging/KEYS | gpg --import
# Verify signatures
-for sigFile in *.asc; do gpg --verify $sigFile; done
+for sigFile in *.asc; do gpg --verify $sigFile ${sigFile%.asc}; done
# Verify checksums
shasum --check *.sha512
----
+[NOTE]
+====
+Windows users need to
+
+* Manually download the file at the `wget` step
+* Manually unroll the `for` loop
+* Use `certUtil -hashfile <FILE> SHA512` instead of `shasum`
+====
+
[#sbom]
== Software Bill of Materials (SBOM)
