-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello,
The irony of GPG trashing the commands! I'll try again (and then give up, I'm sure you are all smart enough to figure it out): CertUtil -hashfile 'apache-taverna-parent-2-incubating-source-release.zip' SHA512 CertUtil -hashfile 'apache-taverna-parent-2-incubating-source-release.zip' MD5 CertUtil -hashfile 'apache-taverna-parent-2-incubating-source-release.zi p' Cheers, Ian On 29/02/2016 13:44, Ian Dunlop wrote: > Hello, > > Some handy code for those using windows and powershell to check > releases . To generate checksums use CertUtil command: SHA512: > "CertUtil -hashfile > 'apache-taverna-parent-2-incubating-source-release.zip' SHA512" > MD5: "CertUtil -hashfile > 'apache-taverna-parent-2-incubating-source-release.zip' MD5" SHA1 > (the default for CertUtil): "CertUtil -hashfile > 'apache-taverna-parent-2-incubating-source-release.zip'" > > To check the key used to sign the artifacts: > > 1) Download the taverna key file from > https://dist.apache.org/repos/dist/release/incubator/taverna/KEYS > 2) Import the key file into GPG: gpg --import keys.txt 3) Verify > the file: gpg --verify > '.\apache-taverna-language-0.15.1-incubating-source-release.zip' > > See https://httpd.apache.org/dev/verification.html for some > general verification info. > > Cheers, > > Ian > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJW1E4yAAoJEPK45GBX+Cy51yUH/2FeriOxPSoqSSNDHuZ9TSRH 5Kk1TSTUUUkoCFYbVWDT1pBwXuomBeqwOXxjUVBYyGI/+ID8z8O1pwiiB630Mu24 aLASy2m5qo5GLrnshKzcvC/zIp0K4Hap21YewGQ8QDycq313hRrOs/Ay1HrLtU3R l086qYIpTe+uzEyDrUgnK7iFLiz2QP3rdjMeeYkhtKyi2N1zFC6w6aAAwl27dSwT W+XKQu5+nGByioFsHeG/bb9bh2rETz+sHH7g8jLaqnUabszp/XrjWYoEKdagzc9w We6aE/KGkbv0xYQSWb9fk6JA8aK2/Ko0+3wuQiJG6kIIKSwhdI2RFd1d/G4rgFQ= =yqsj -----END PGP SIGNATURE-----
