Verify the Integrity of Downloads
You can verify the integrity of the downloaded files using their PGP (GPG) signatures or SHA256 checksums.
Verifying Hashes
To verify the downloads, first get the GPG signatures and SHA256 hashes using these links. Note that all links are for first-class Apache Software Foundation mirrors so there is already reduced opportunity for anyone maliciously tampering with these files.
Artifact | Hashes | |
---|---|---|
Release Manager's public keys | KEYS | |
apache-brooklyn-1.0.0-src.tar.gz | pgp | sha256 |
apache-brooklyn-1.0.0-src.zip | pgp | sha256 |
apache-brooklyn-1.0.0-bin.tar.gz | pgp | sha256 |
apache-brooklyn-1.0.0-bin.zip | pgp | sha256 |
apache-brooklyn-1.0.0-client-cli-linux.tar.gz | pgp | sha256 |
apache-brooklyn-1.0.0-client-cli-linux.zip | pgp | sha256 |
apache-brooklyn-1.0.0-client-cli-macosx.tar.gz | pgp | sha256 |
apache-brooklyn-1.0.0-client-cli-macosx.zip | pgp | sha256 |
apache-brooklyn-1.0.0-client-cli-windows.tar.gz | pgp | sha256 |
apache-brooklyn-1.0.0-client-cli-windows.zip | pgp | sha256 |
apache-brooklyn-1.0.0-vagrant.tar.gz | pgp | sha256 |
apache-brooklyn-1.0.0-vagrant.zip | pgp | sha256 |
apache-brooklyn-1.0.0.deb | pgp | sha256 |
apache-brooklyn-1.0.0-1.noarch.rpm | pgp | sha256 |
apache-brooklyn-1.0.0-classic.tar.gz | pgp | sha256 |
apache-brooklyn-1.0.0-classic.zip | pgp | sha256 | apache-brooklyn-1.0.0-M1-bin.tar.gz | pgp | sha256 |
apache-brooklyn-1.0.0-M1-bin.zip | pgp | sha256 |
apache-brooklyn-1.0.0-M1-classic.tar.gz | pgp | sha256 |
apache-brooklyn-1.0.0-M1-classic.zip | pgp | sha256 |
apache-brooklyn-1.0.0-M1-1.noarch.rpm | pgp | sha256 |
apache-brooklyn-1.0.0-M1-src.tar.gz | pgp | sha256 |
apache-brooklyn-1.0.0-M1-src.zip | pgp | sha256 |
apache-brooklyn-1.0.0-M1-client-cli-linux.tar.gz | pgp | sha256 |
apache-brooklyn-1.0.0-M1-client-cli-linux.zip | pgp | sha256 |
apache-brooklyn-1.0.0-M1-client-cli-macosx.tar.gz | pgp | sha256 |
apache-brooklyn-1.0.0-M1-client-cli-macosx.zip | pgp | sha256 |
apache-brooklyn-1.0.0-M1-client-cli-windows.tar.gz | pgp | sha256 |
apache-brooklyn-1.0.0-M1-client-cli-windows.zip | pgp | sha256 |
apache-brooklyn-0.12.0-bin.tar.gz | pgp | sha256 |
apache-brooklyn-0.12.0-bin.zip | pgp | sha256 |
apache-brooklyn-0.12.0-classic.tar.gz | pgp | sha256 |
apache-brooklyn-0.12.0-classic.zip | pgp | sha256 |
apache-brooklyn-0.12.0-1.noarch.rpm | pgp | sha256 |
apache-brooklyn-0.12.0-src.tar.gz | pgp | sha256 |
apache-brooklyn-0.12.0-src.zip | pgp | sha256 |
apache-brooklyn-0.12.0-client-cli-linux.tar.gz | pgp | sha256 |
apache-brooklyn-0.12.0-client-cli-linux.zip | pgp | sha256 |
apache-brooklyn-0.12.0-client-cli-macosx.tar.gz | pgp | sha256 |
apache-brooklyn-0.12.0-client-cli-macosx.zip | pgp | sha256 |
apache-brooklyn-0.12.0-client-cli-windows.tar.gz | pgp | sha256 |
apache-brooklyn-0.12.0-client-cli-windows.zip | pgp | sha256 |
apache-brooklyn-0.11.0-bin.tar.gz | pgp | sha256 |
apache-brooklyn-0.11.0-bin.zip | pgp | sha256 |
apache-brooklyn-0.11.0-karaf.tar.gz | pgp | sha256 |
apache-brooklyn-0.11.0-karaf.zip | pgp | sha256 |
apache-brooklyn-0.11.0-1.noarch.rpm | pgp | sha256 |
apache-brooklyn-0.11.0-src.tar.gz | pgp | sha256 |
apache-brooklyn-0.11.0-src.zip | pgp | sha256 |
apache-brooklyn-0.11.0-client-cli-linux.tar.gz | pgp | sha256 |
apache-brooklyn-0.11.0-client-cli-linux.zip | pgp | sha256 |
apache-brooklyn-0.11.0-client-cli-macosx.tar.gz | pgp | sha256 |
apache-brooklyn-0.11.0-client-cli-macosx.zip | pgp | sha256 |
apache-brooklyn-0.11.0-client-cli-windows.tar.gz | pgp | sha256 |
apache-brooklyn-0.11.0-client-cli-windows.zip | pgp | sha256 |
apache-brooklyn-0.10.0-bin.tar.gz | pgp | sha256 |
apache-brooklyn-0.10.0-bin.zip | pgp | sha256 |
apache-brooklyn-0.10.0-karaf.tar.gz | pgp | sha256 |
apache-brooklyn-0.10.0-karaf.zip | pgp | sha256 |
apache-brooklyn-0.10.0-1.noarch.rpm | pgp | sha256 |
apache-brooklyn-0.10.0-src.tar.gz | pgp | sha256 |
apache-brooklyn-0.10.0-src.zip | pgp | sha256 |
apache-brooklyn-0.10.0-client-cli-linux.tar.gz | pgp | sha256 |
apache-brooklyn-0.10.0-client-cli-linux.zip | pgp | sha256 |
apache-brooklyn-0.10.0-client-cli-macosx.tar.gz | pgp | sha256 |
apache-brooklyn-0.10.0-client-cli-macosx.zip | pgp | sha256 |
apache-brooklyn-0.10.0-client-cli-windows.tar.gz | pgp | sha256 |
apache-brooklyn-0.10.0-client-cli-windows.zip | pgp | sha256 |
apache-brooklyn-0.9.0-bin.tar.gz | pgp | sha256 |
apache-brooklyn-0.9.0-bin.zip | pgp | sha256 |
apache-brooklyn-0.9.0-1.noarch.rpm | pgp | sha256 |
apache-brooklyn-0.9.0-src.tar.gz | pgp | sha256 |
apache-brooklyn-0.9.0-src.zip | pgp | sha256 |
apache-brooklyn-0.9.0-client-cli-linux.tar.gz | pgp | sha256 |
apache-brooklyn-0.9.0-client-cli-linux.zip | pgp | sha256 |
apache-brooklyn-0.9.0-client-cli-macosx.tar.gz | pgp | sha256 |
apache-brooklyn-0.9.0-client-cli-macosx.zip | pgp | sha256 |
apache-brooklyn-0.9.0-client-cli-windows.tar.gz | pgp | sha256 |
apache-brooklyn-0.9.0-client-cli-windows.zip | pgp | sha256 |
apache-brooklyn-0.8.0-incubating-bin.tar.gz | pgp | sha256 |
apache-brooklyn-0.8.0-incubating-bin.zip | pgp | sha256 |
apache-brooklyn-0.8.0-incubating-src.tar.gz | pgp | sha256 |
apache-brooklyn-0.8.0-incubating-src.zip | pgp | sha256 |
apache-brooklyn-0.7.0-incubating-bin.tar.gz | pgp | sha256 |
apache-brooklyn-0.7.0-incubating-bin.zip | pgp | sha256 |
apache-brooklyn-0.7.0-incubating-src.tar.gz | pgp | sha256 |
apache-brooklyn-0.7.0-incubating-src.zip | pgp | sha256 |
apache-brooklyn-0.7.0-M2-incubating.tar.gz | pgp | sha256 |
You can verify the SHA256 hashes easily by placing the files in the same folder as the download artifact and
then running shasum
, which is included in most UNIX-like systems:
shasum -c apache-brooklyn-1.0.0.tar.gz.sha256
In order to validate the release signature, download both the release .asc
file for the release, and the KEYS
file
which contains the public keys of key individuals in the Apache Brooklyn project.
Verify the signatures using one of the following commands:
pgpk -a KEYS
pgpv brooklyn-1.0.0-dist.tar.gz.asc
or
pgp -ka KEYS
pgp brooklyn-1.0.0-dist.zip.asc
or
gpg --import KEYS
gpg --verify brooklyn-1.0.0-dist.tar.gz.asc