This content is for Brooklyn 0.6.0, and may differ across versions.

Are you using version 0.6.0?

Yes, hide this warningNo, show me the latest versionShow all versions

Verify the Integrity of Downloads

It is essential for security that you verify the integrity of the downloaded files using their PGP signatures or SHA-1 checksums.

Verifying PGP signatures using PGP or GPG

Download the brooklyn-gpg-public-key.asc file and the .asc PGP signature file for the relevant artefact.

(Make sure you get these files from the main Sonatype repository rather than from a mirror.)

Verify the signatures using one of the following commands:

pgpk -a brooklyn-gpg-public-key.asc
pgpv brooklyn-0.6.0-dist.tar.gz.asc

or

pgp -ka brooklyn-gpg-public-key.asc
pgp brooklyn-0.6.0-dist.zip.asc

or

gpg --import brooklyn-gpg-public-key.asc    
gpg --verify brooklyn-0.6.0-dist.tar.gz.asc

You can also verify the SHA-1 checksum of the files.

A program called sha1 or sha1sum is included in most Linux distributions and OSx. For Windows users, fsum supports SHA-1.

Ensure the generated checksum string matches the contents of the .sha1 file for the relevant artefact (and again download from Sonatype repository, rather than from a mirror).