Dear Wiki user, You have subscribed to a wiki page or wiki category on "Rave Wiki" for change notification.
The "ReleaseManagement/ReleaseVerification" page has been changed by MarlonPierce: http://wiki.apache.org/rave/ReleaseManagement/ReleaseVerification New page: = Verifying Rave Releases = As with all Apache release, Rave binaries are signed (the .asc file), and have MD5 and SHA512 message digest files. These are described in more detail [[http://www.apache.org/dev/release-signing|here]]. You can verify your release using GPG with the following steps. == Setting Up == The following steps are a one-time setup. 1. Download and install GPG from http://www.gnupg.org/download/ 1. Import the Rave signing keys. These are available from https://svn.apache.org/repos/asf/rave/KEYS. Download the key file and import with the command '''''gpg --import KEYS''''' 1. You may also want to sign and upload the key with your own key pair to a public key server. Again, see [[http://www.apache.org/dev/release-signing|here]] for more information. == Verifying a Binary Release == 1. With the binary apache-rave-X.Y.Z-bin.zip and the signature file apache-rave-X.Y.Z-bin.zip.asc in the same directory, verify the binary release signature with '''''gpg apache-rave-X.Y.Z-bin.zip.asc'''''. a. For untrusted keys, you can verify the fingerprint with '''''gpg --fingerprint ABCD1234''''', replacing '''''ABCD1234''''' with the fingerprint of the key used to sign the release. 1. Verify the SHA message digest with '''''gpg --print-md SHA1 apache-rave-X.Y.Z-bin.zip''''' and compare to the contents of apache-rave-0.10.1-bin.zip.sha. a. You can use UNIX's ''diff'' for this: '''''gpg --print-md SHA512 apache-rave-X.Y.Z-bin.zip | diff - apache-rave-X.Y.Z-bin.zip.sha'''''. If the digest matches correctly, you will get no output. 1. Verify the MD5 digest with the command '''''gpg --print-md md5 apache-rave-X.Y.Z-bin.zip''''' and compare to the contents of apache-rave-X.Y.Z-bin.zip.md5. a. You can again use ''diff'' for this: '''''gpg --print-md md5 apache-rave-X.Y.Z-bin.zip | diff - apache-rave-X.Y.Z-bin.zip.md5'''''. If the digest matches correctly, you will get no output.
