Verify the Integrity of Downloads
You can verify the integrity of the downloaded files using their PGP (GPG) signatures or SHA256 checksums.
Verifying Hashes
To verify the downloads, first get the GPG signatures and SHA256 hashes using these links. Note that all links are for first-class Apache Software Foundation mirrors so there is already reduced opportunity for anyone maliciously tampering with these files.
| Artifact | Hashes | |
|---|---|---|
| Release Manager's public keys | KEYS | |
| apache-brooklyn-1.0.0-src.tar.gz | pgp | sha256 |
| apache-brooklyn-1.0.0-src.zip | pgp | sha256 |
| apache-brooklyn-1.0.0-bin.tar.gz | pgp | sha256 |
| apache-brooklyn-1.0.0-bin.zip | pgp | sha256 |
| apache-brooklyn-1.0.0-client-cli-linux.tar.gz | pgp | sha256 |
| apache-brooklyn-1.0.0-client-cli-linux.zip | pgp | sha256 |
| apache-brooklyn-1.0.0-client-cli-macosx.tar.gz | pgp | sha256 |
| apache-brooklyn-1.0.0-client-cli-macosx.zip | pgp | sha256 |
| apache-brooklyn-1.0.0-client-cli-windows.tar.gz | pgp | sha256 |
| apache-brooklyn-1.0.0-client-cli-windows.zip | pgp | sha256 |
| apache-brooklyn-1.0.0-vagrant.tar.gz | pgp | sha256 |
| apache-brooklyn-1.0.0-vagrant.zip | pgp | sha256 |
| apache-brooklyn-1.0.0.deb | pgp | sha256 |
| apache-brooklyn-1.0.0-1.noarch.rpm | pgp | sha256 |
| apache-brooklyn-1.0.0-classic.tar.gz | pgp | sha256 |
| apache-brooklyn-1.0.0-classic.zip | pgp | sha256 | apache-brooklyn-1.0.0-M1-bin.tar.gz | pgp | sha256 |
| apache-brooklyn-1.0.0-M1-bin.zip | pgp | sha256 |
| apache-brooklyn-1.0.0-M1-classic.tar.gz | pgp | sha256 |
| apache-brooklyn-1.0.0-M1-classic.zip | pgp | sha256 |
| apache-brooklyn-1.0.0-M1-1.noarch.rpm | pgp | sha256 |
| apache-brooklyn-1.0.0-M1-src.tar.gz | pgp | sha256 |
| apache-brooklyn-1.0.0-M1-src.zip | pgp | sha256 |
| apache-brooklyn-1.0.0-M1-client-cli-linux.tar.gz | pgp | sha256 |
| apache-brooklyn-1.0.0-M1-client-cli-linux.zip | pgp | sha256 |
| apache-brooklyn-1.0.0-M1-client-cli-macosx.tar.gz | pgp | sha256 |
| apache-brooklyn-1.0.0-M1-client-cli-macosx.zip | pgp | sha256 |
| apache-brooklyn-1.0.0-M1-client-cli-windows.tar.gz | pgp | sha256 |
| apache-brooklyn-1.0.0-M1-client-cli-windows.zip | pgp | sha256 |
| apache-brooklyn-0.12.0-bin.tar.gz | pgp | sha256 |
| apache-brooklyn-0.12.0-bin.zip | pgp | sha256 |
| apache-brooklyn-0.12.0-classic.tar.gz | pgp | sha256 |
| apache-brooklyn-0.12.0-classic.zip | pgp | sha256 |
| apache-brooklyn-0.12.0-1.noarch.rpm | pgp | sha256 |
| apache-brooklyn-0.12.0-src.tar.gz | pgp | sha256 |
| apache-brooklyn-0.12.0-src.zip | pgp | sha256 |
| apache-brooklyn-0.12.0-client-cli-linux.tar.gz | pgp | sha256 |
| apache-brooklyn-0.12.0-client-cli-linux.zip | pgp | sha256 |
| apache-brooklyn-0.12.0-client-cli-macosx.tar.gz | pgp | sha256 |
| apache-brooklyn-0.12.0-client-cli-macosx.zip | pgp | sha256 |
| apache-brooklyn-0.12.0-client-cli-windows.tar.gz | pgp | sha256 |
| apache-brooklyn-0.12.0-client-cli-windows.zip | pgp | sha256 |
| apache-brooklyn-0.11.0-bin.tar.gz | pgp | sha256 |
| apache-brooklyn-0.11.0-bin.zip | pgp | sha256 |
| apache-brooklyn-0.11.0-karaf.tar.gz | pgp | sha256 |
| apache-brooklyn-0.11.0-karaf.zip | pgp | sha256 |
| apache-brooklyn-0.11.0-1.noarch.rpm | pgp | sha256 |
| apache-brooklyn-0.11.0-src.tar.gz | pgp | sha256 |
| apache-brooklyn-0.11.0-src.zip | pgp | sha256 |
| apache-brooklyn-0.11.0-client-cli-linux.tar.gz | pgp | sha256 |
| apache-brooklyn-0.11.0-client-cli-linux.zip | pgp | sha256 |
| apache-brooklyn-0.11.0-client-cli-macosx.tar.gz | pgp | sha256 |
| apache-brooklyn-0.11.0-client-cli-macosx.zip | pgp | sha256 |
| apache-brooklyn-0.11.0-client-cli-windows.tar.gz | pgp | sha256 |
| apache-brooklyn-0.11.0-client-cli-windows.zip | pgp | sha256 |
| apache-brooklyn-0.10.0-bin.tar.gz | pgp | sha256 |
| apache-brooklyn-0.10.0-bin.zip | pgp | sha256 |
| apache-brooklyn-0.10.0-karaf.tar.gz | pgp | sha256 |
| apache-brooklyn-0.10.0-karaf.zip | pgp | sha256 |
| apache-brooklyn-0.10.0-1.noarch.rpm | pgp | sha256 |
| apache-brooklyn-0.10.0-src.tar.gz | pgp | sha256 |
| apache-brooklyn-0.10.0-src.zip | pgp | sha256 |
| apache-brooklyn-0.10.0-client-cli-linux.tar.gz | pgp | sha256 |
| apache-brooklyn-0.10.0-client-cli-linux.zip | pgp | sha256 |
| apache-brooklyn-0.10.0-client-cli-macosx.tar.gz | pgp | sha256 |
| apache-brooklyn-0.10.0-client-cli-macosx.zip | pgp | sha256 |
| apache-brooklyn-0.10.0-client-cli-windows.tar.gz | pgp | sha256 |
| apache-brooklyn-0.10.0-client-cli-windows.zip | pgp | sha256 |
| apache-brooklyn-0.9.0-bin.tar.gz | pgp | sha256 |
| apache-brooklyn-0.9.0-bin.zip | pgp | sha256 |
| apache-brooklyn-0.9.0-1.noarch.rpm | pgp | sha256 |
| apache-brooklyn-0.9.0-src.tar.gz | pgp | sha256 |
| apache-brooklyn-0.9.0-src.zip | pgp | sha256 |
| apache-brooklyn-0.9.0-client-cli-linux.tar.gz | pgp | sha256 |
| apache-brooklyn-0.9.0-client-cli-linux.zip | pgp | sha256 |
| apache-brooklyn-0.9.0-client-cli-macosx.tar.gz | pgp | sha256 |
| apache-brooklyn-0.9.0-client-cli-macosx.zip | pgp | sha256 |
| apache-brooklyn-0.9.0-client-cli-windows.tar.gz | pgp | sha256 |
| apache-brooklyn-0.9.0-client-cli-windows.zip | pgp | sha256 |
| apache-brooklyn-0.8.0-incubating-bin.tar.gz | pgp | sha256 |
| apache-brooklyn-0.8.0-incubating-bin.zip | pgp | sha256 |
| apache-brooklyn-0.8.0-incubating-src.tar.gz | pgp | sha256 |
| apache-brooklyn-0.8.0-incubating-src.zip | pgp | sha256 |
| apache-brooklyn-0.7.0-incubating-bin.tar.gz | pgp | sha256 |
| apache-brooklyn-0.7.0-incubating-bin.zip | pgp | sha256 |
| apache-brooklyn-0.7.0-incubating-src.tar.gz | pgp | sha256 |
| apache-brooklyn-0.7.0-incubating-src.zip | pgp | sha256 |
| apache-brooklyn-0.7.0-M2-incubating.tar.gz | pgp | sha256 |
You can verify the SHA256 hashes easily by placing the files in the same folder as the download artifact and
then running shasum, which is included in most UNIX-like systems:
shasum -c apache-brooklyn-1.0.0.tar.gz.sha256In order to validate the release signature, download both the release .asc file for the release, and the KEYS file
which contains the public keys of key individuals in the Apache Brooklyn project.
Verify the signatures using one of the following commands:
pgpk -a KEYS
pgpv brooklyn-1.0.0-dist.tar.gz.ascor
pgp -ka KEYS
pgp brooklyn-1.0.0-dist.zip.ascor
gpg --import KEYS
gpg --verify brooklyn-1.0.0-dist.tar.gz.asc