(incubator-streampark-website) branch dev updated: [Improve] Added the verify releases doc (#418)

[benjobs]

This is an automated email from the ASF dual-hosted git repository.

benjobs pushed a commit to branch dev
in repository 
https://gitbox.apache.org/repos/asf/incubator-streampark-website.git


The following commit(s) were added to refs/heads/dev by this push:
     new 271e2ab  [Improve] Added the verify releases doc (#418)
271e2ab is described below

commit 271e2abc0ccc8385c73f2355ba364b3dc0bd9c7c
Author: benjobs <benj...@apache.org>
AuthorDate: Thu Dec 5 21:01:43 2024 +0800

    [Improve] Added the verify releases doc (#418)
    
    * [Improve] update community/security.md
    
    * [Improve] download page added verify releases doc
    
    * Update security.md
    
    * [Improve] i18n improvement
---
 src/pages/download/index.jsx      | 44 +++++++++++++++++++++++++++++++--------
 src/pages/download/languages.json | 18 ++++++++++++++--
 2 files changed, 51 insertions(+), 11 deletions(-)

diff --git a/src/pages/download/index.jsx b/src/pages/download/index.jsx
index fe085a9..4ca66d5 100644
--- a/src/pages/download/index.jsx
+++ b/src/pages/download/index.jsx
@@ -15,12 +15,14 @@ export default function () {
   const archived = downloadDataSource.slice(1, downloadDataSource.length)
   return (
     <Layout>
-      <div className="block download_page container" style={{ padding: "10px 0 
30px" }}>
+      <div className="block download_page container" style={{padding: "10px 0 
30px"}}>
         <h2 className="fs-4 mb-4 fw-bold">{dataSource.download}</h2>
         <div>
           <span> {dataSource.downloadDesc1}</span>
-          <li>apache-streampark_<span style={{ color: 'red' 
}}>2.11</span>-<span style={{ color: 'blue' 
}}>2.1.5</span>-incubating-bin.tar.gz</li>
-          <li>apache-streampark_<span style={{ color: 'red' 
}}>2.12</span>-<span style={{ color: 'blue' 
}}>2.1.5</span>-incubating-bin.tar.gz</li>
+          <li>apache-streampark_<span style={{color: 'red'}}>2.11</span>-<span 
style={{color: 'blue'}}>2.1.5</span>-incubating-bin.tar.gz
+          </li>
+          <li>apache-streampark_<span style={{color: 'red'}}>2.12</span>-<span 
style={{color: 'blue'}}>2.1.5</span>-incubating-bin.tar.gz
+          </li>
           <span>{dataSource.downloadDesc2}</span>
         </div>
         <h3 className="fs-4 mb-4 mt-4 fw-bold">{dataSource.latestVersion}</h3>
@@ -29,8 +31,8 @@ export default function () {
         <h3 className="fs-4 mb-4 fw-bold">{dataSource.archived}</h3>
         <div className="custom-info-block">
           <div className='d-flex align-items-center'>
-            <InfoSvg className='info-icon' />
-            <p className="custom-block-title">Note</p >
+            <InfoSvg className='info-icon'/>
+            <p className="custom-block-title">Note</p>
           </div>
           <ul>
             <li>{dataSource.note}</li>
@@ -38,16 +40,40 @@ export default function () {
         </div>
         <ReleaseTable dataSource={archived} latest={false}>
         </ReleaseTable>
+        <h3>{dataSource.verifyReleases}</h3>
+        <p>
+          <span>{dataSource.verifyDesc}</span>
+        </p>
+        <p>
+           <span>
+              {dataSource.downloadText} <a
+               
href="https://dist.apache.org/repos/dist/dev/incubator/streampark/KEYS";>PGP 
KEYS </a> {dataSource.verifyDesc1} :
+          </span>
+
+          <li> {dataSource.verifyStep1} </li>
+          <pre> gpg --import KEYS </pre>
+
+          <li> {dataSource.verifyStep2} </li>
+          <pre>
+            gpg --verify apache-streampark-***.asc apache-streampark-***.tar.gz
+          </pre>
+
+          <li> {dataSource.verifyStep2} </li>
+          <pre>
+            sha512sum --check apache-streampark-***.sha512
+          </pre>
+        </p>
+
         <h4>License</h4>
         <p>
           <em>
             <span>The software is licensed under the </span>
             <a href="http://www.apache.org/licenses/LICENSE-2.0"; 
target="_blank">
               Apache License 2.0
-            </a>.
-          </em>
-        </p>
-      </div>
+          </a>.
+        </em>
+      </p>
+    </div>
     </Layout>
 
   );
diff --git a/src/pages/download/languages.json 
b/src/pages/download/languages.json
index 8358509..3c52484 100644
--- a/src/pages/download/languages.json
+++ b/src/pages/download/languages.json
@@ -15,7 +15,14 @@
       "binary": "二进制包",
       "releaseNotes": "发布记录"
     },
-    "releaseNotes": "发布记录"
+    "releaseNotes": "发布记录",
+    "verifyReleases": "验证发版",
+    "verifyDesc": "你需要使用 PGP 或 SHA 签名验证下载文件的完整性，请下载 KEYS 以及 .asc/.sha512 
签名文件以供相关验证，下载文件后，你应该验证相关签名，并确保它与我们的签名一致。",
+    "downloadText": "下载",
+    "verifyDesc1": "以及带有 .asc 签名的文件，然后按照下面的步骤进行验证",
+    "verifyStep1": "将 KEYS 文件导入到你的 GPG 密钥：",
+    "verifyStep2": "使用以下命令验证发布文件的签名：",
+    "verifyStep3": "你需要下载发布文件和该文件的 .sha512 文件。然后通过以下命令进行验证："
   },
   "en": {
     "download": "Download Apache StreamPark (incubating)",
@@ -33,6 +40,13 @@
       "binary": "Binary",
       "releaseNotes": "Release notes"
     },
-    "releaseNotes": "release notes"
+    "releaseNotes": "release notes",
+    "verifyReleases": "Verify the releases",
+    "verifyDesc": "It is essential that you verify the integrity of the 
downloaded files using the PGP or SHA signatures. Please download the KEYS as 
well as the .asc/.sha512 signature files for relevant distribution. After you 
download the file, you should calculate a checksum for your download, and make 
sure it is the same as ours.",
+    "downloadText": "Download",
+    "verifyDesc1": "and the release with its .asc signature file. And then",
+    "verifyStep1": "Import the KEYS file to your GPG keyring:",
+    "verifyStep2": "Verify the signature of the release artifact using the 
following command:",
+    "verifyStep3": "You will need to download both the release artifact and 
the .sha512 checksum file for that artifact. Then verify the checksum by:"
   }
 }