tidy up verification instructions a little, remove some now-redundant instruction
Project: http://git-wip-us.apache.org/repos/asf/qpid-site/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-site/commit/cb61089b Tree: http://git-wip-us.apache.org/repos/asf/qpid-site/tree/cb61089b Diff: http://git-wip-us.apache.org/repos/asf/qpid-site/diff/cb61089b Branch: refs/heads/asf-site Commit: cb61089b9b7cb9c78c97777bc56d3d75846f7f56 Parents: b1a4522 Author: Robbie Gemmell <[email protected]> Authored: Tue Sep 5 14:58:10 2017 +0100 Committer: Robbie Gemmell <[email protected]> Committed: Tue Sep 5 14:58:10 2017 +0100 ---------------------------------------------------------------------- content/download.html | 25 +++++++++---------------- input/download.md | 23 ++++++++--------------- 2 files changed, 17 insertions(+), 31 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-site/blob/cb61089b/content/download.html ---------------------------------------------------------------------- diff --git a/content/download.html b/content/download.html index 2c46bc8..1f1a849 100644 --- a/content/download.html +++ b/content/download.html @@ -222,20 +222,17 @@ using the ASC signatures, MD5 checksums, or SHA checksums.</p> <p>The signatures can be verified using PGP or GPG. First download the <a href="http://www.apache.org/dist/qpid/KEYS";><code>KEYS</code></a> file as well as the -<code>.asc</code> signature file for the relevant artefact. Make sure you get -these files from the relevant subdirectory of the -<a href="http://www.apache.org/dist/qpid/";>main distribution directory</a>, -rather than from a mirror. Then verify the signatures using one of the -following sets of commands.</p> +<code>.asc</code> signature file for the relevant artefact. Then verify the signatures +using one of the following sets of commands.</p> -<pre><code>% pgpk -a KEYS +<pre><code>% gpg --import KEYS +% gpg --verify <artifact-name>.asc + +% pgpk -a KEYS % pgpv <artifact-name>.asc % pgp -ka KEYS % pgp <artifact-name>.asc - -% gpg --import KEYS -% gpg --verify <artifact-name>.asc </code></pre> <p>Alternatively, you can verify the MD5 or SHA checksums of the @@ -243,13 +240,9 @@ files. Unix programs called <code>md5sum</code>, <code>sha1sum</code> and <code> <code>sha512</code>) are included in many unix distributions. They are also available as part of <a href="http://www.gnu.org/software/coreutils/";>GNU Coreutils</a>. For -Windows users, <a href="http://www.slavasoft.com/fsum/";>FSUM</a> supports MD5 and -SHA1. Ensure your generated checksum string matches the string -published in the <code>.md5</code> or <code>.sha1</code> file included with each release -artefact. Again, make sure you get this file from the relevant -subdirectory of the -<a href="http://www.apache.org/dist/qpid/";>main distribution directory</a>, -rather than from a mirror.</p> +Windows users, <a href="http://www.slavasoft.com/fsum/";>FSUM</a> supports this. +Ensure your generated checksum string matches the string +published in the checksum file included with each release artefact.</p> <h2 id="more-information">More information</h2> http://git-wip-us.apache.org/repos/asf/qpid-site/blob/cb61089b/input/download.md ---------------------------------------------------------------------- diff --git a/input/download.md b/input/download.md index 0cd4a5e..6bce930 100644 --- a/input/download.md +++ b/input/download.md @@ -77,11 +77,11 @@ using the ASC signatures, MD5 checksums, or SHA checksums. The signatures can be verified using PGP or GPG. First download the [`KEYS`](http://www.apache.org/dist/qpid/KEYS) file as well as the -`.asc` signature file for the relevant artefact. Make sure you get -these files from the relevant subdirectory of the -[main distribution directory](http://www.apache.org/dist/qpid/), -rather than from a mirror. Then verify the signatures using one of the -following sets of commands. +`.asc` signature file for the relevant artefact. Then verify the signatures +using one of the following sets of commands. + + % gpg --import KEYS + % gpg --verify <artifact-name>.asc % pgpk -a KEYS % pgpv <artifact-name>.asc @@ -89,21 +89,14 @@ following sets of commands. % pgp -ka KEYS % pgp <artifact-name>.asc - % gpg --import KEYS - % gpg --verify <artifact-name>.asc - Alternatively, you can verify the MD5 or SHA checksums of the files. Unix programs called `md5sum`, `sha1sum` and `sha512sum` (or `md5`, `sha1` and `sha512`) are included in many unix distributions. They are also available as part of [GNU Coreutils](http://www.gnu.org/software/coreutils/). For -Windows users, [FSUM](http://www.slavasoft.com/fsum/) supports MD5 and -SHA1. Ensure your generated checksum string matches the string -published in the `.md5` or `.sha1` file included with each release -artefact. Again, make sure you get this file from the relevant -subdirectory of the -[main distribution directory](http://www.apache.org/dist/qpid/), -rather than from a mirror. +Windows users, [FSUM](http://www.slavasoft.com/fsum/) supports this. +Ensure your generated checksum string matches the string +published in the checksum file included with each release artefact. ## More information --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
