This is an automated email from the ASF dual-hosted git repository. benjobs pushed a commit to branch verify in repository https://gitbox.apache.org/repos/asf/incubator-streampark-website.git
commit 85f2fe34d6976aa21406efeb8202955b51d6f8c8 Author: benjobs <[email protected]> AuthorDate: Thu Dec 5 20:38:46 2024 +0800 [Improve] download page added verify releases doc --- src/pages/download/index.jsx | 44 +++++++++++++++++++++++++++++++-------- src/pages/download/languages.json | 18 ++++++++++++++-- 2 files changed, 51 insertions(+), 11 deletions(-) diff --git a/src/pages/download/index.jsx b/src/pages/download/index.jsx index fe085a9..5bc9519 100644 --- a/src/pages/download/index.jsx +++ b/src/pages/download/index.jsx @@ -15,12 +15,14 @@ export default function () { const archived = downloadDataSource.slice(1, downloadDataSource.length) return ( <Layout> - <div className="block download_page container" style={{ padding: "10px 0 30px" }}> + <div className="block download_page container" style={{padding: "10px 0 30px"}}> <h2 className="fs-4 mb-4 fw-bold">{dataSource.download}</h2> <div> <span> {dataSource.downloadDesc1}</span> - <li>apache-streampark_<span style={{ color: 'red' }}>2.11</span>-<span style={{ color: 'blue' }}>2.1.5</span>-incubating-bin.tar.gz</li> - <li>apache-streampark_<span style={{ color: 'red' }}>2.12</span>-<span style={{ color: 'blue' }}>2.1.5</span>-incubating-bin.tar.gz</li> + <li>apache-streampark_<span style={{color: 'red'}}>2.11</span>-<span style={{color: 'blue'}}>2.1.5</span>-incubating-bin.tar.gz + </li> + <li>apache-streampark_<span style={{color: 'red'}}>2.12</span>-<span style={{color: 'blue'}}>2.1.5</span>-incubating-bin.tar.gz + </li> <span>{dataSource.downloadDesc2}</span> </div> <h3 className="fs-4 mb-4 mt-4 fw-bold">{dataSource.latestVersion}</h3> @@ -29,8 +31,8 @@ export default function () { <h3 className="fs-4 mb-4 fw-bold">{dataSource.archived}</h3> <div className="custom-info-block"> <div className='d-flex align-items-center'> - <InfoSvg className='info-icon' /> - <p className="custom-block-title">Note</p > + <InfoSvg className='info-icon'/> + <p className="custom-block-title">Note</p> </div> <ul> <li>{dataSource.note}</li> @@ -38,16 +40,40 @@ export default function () { </div> <ReleaseTable dataSource={archived} latest={false}> </ReleaseTable> + <h3>{dataSource.verifyReleases}</h3> + <p> + <span>{dataSource.verifyDesc}</span> + </p> + <p> + <span> + {dataSource.downloadText} <a + href="https://dist.apache.org/repos/dist/dev/incubator/streampark/KEYS";>PGP KEYS </a> {dataSource.verifyDesc1} : + </span> + + <li> {dataSource.verifyStep1} </li> + <pre> gpg --import KEYS </pre> + + <li> Verify the signature of the release artifact using the following command: </li> + <pre> + gpg --verify apache-streampark-***.asc apache-streampark-***.tar.gz + </pre> + + <li> You will need to download both the release artifact and the .sha512 checksum file for that artifact. Then verify the checksum by:</li> + <pre> + sha512sum --check apache-streampark-***.sha512 + </pre> + </p> + <h4>License</h4> <p> <em> <span>The software is licensed under the </span> <a href="http://www.apache.org/licenses/LICENSE-2.0"; target="_blank"> Apache License 2.0 - </a>. - </em> - </p> - </div> + </a>. + </em> + </p> + </div> </Layout> ); diff --git a/src/pages/download/languages.json b/src/pages/download/languages.json index 8358509..367a731 100644 --- a/src/pages/download/languages.json +++ b/src/pages/download/languages.json @@ -15,7 +15,14 @@ "binary": "二进制包", "releaseNotes": "发布记录" }, - "releaseNotes": "发布记录" + "releaseNotes": "发布记录", + "verifyReleases": "验证发版", + "verifyDesc": "你需要使用 PGP 或 SHA 签名验证下载文件的完整性。请下载 KEYS 以及 .asc/.sha512 签名文件以供相关验证。下载文件后,你应该验证相关签名,并确保它与我们的相同", + "downloadText": "下载", + "verifyDesc1": "以及带有 .asc 签名的文件,然后按照下面的步骤进行验证:", + "verifyStep1": "将 KEYS 文件导入到你的 GPG 密钥", + "verifyStep2": "使用以下命令验证发布文件的签名:", + "verifyStep3": "你需要下载发布文件和该文件的 .sha512 文件。然后通过以下命令进行验证:" }, "en": { "download": "Download Apache StreamPark (incubating)", @@ -33,6 +40,13 @@ "binary": "Binary", "releaseNotes": "Release notes" }, - "releaseNotes": "release notes" + "releaseNotes": "release notes", + "verifyReleases": "Verify the releases", + "verifyDesc": "It is essential that you verify the integrity of the downloaded files using the PGP or SHA signatures. Please download the KEYS as well as the .asc/.sha512 signature files for relevant distribution. After you download the file, you should calculate a checksum for your download, and make sure it is the same as ours.", + "downloadText": "Download", + "verifyDesc1": "and the release with its .asc signature file. And then", + "verifyStep1": "Import the KEYS file to your GPG keyring:", + "verifyStep2": "Verify the signature of the release artifact using the following command:", + "verifyStep3": "You will need to download both the release artifact and the .sha512 checksum file for that artifact. Then verify the checksum by:" } }
