THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- MD5 and SHA Checksum Utility
- Online Difference Checker (for text files)
...
Download the release candidate
...
There are three sources of checksums: (1) the VOTE email, (2) the release candidate .zip file, and (3) the checksum files (.md5 and .sha1) downloaded at the same time as the release candidate. .
You can verify the checksums using a command line interface or a utility. Both methods are described below.
Command line interface
To generate checksums, navigate to the directory containing the .zip file and run the CertUtil command. The default gives you the SHA1 checksum. Append SHA512 and MD5, as shown below, to generate those checksums. Is the intent to make sure that the checksums from all 3 sources are identical?
...
When you double-click the .exe, a window opens (see below). Browse to the release candidate .zip file, and the checksums will be displayed. (Use the checkboxes to choose which checksums you want to see.) You can copy individual checksums, or use the Copy All button. At the bottom of the window, you can paste a checksum (e.g., either from the VOTE email or from the downloaded .md5 or .sha1 files) and the utility will verify the hash is the same as that from the .zip file.
1b Check that PGP signature is validTO DO Add information about PGP tools, procedure.
Each software artifact is signed using a PGP (Pretty Good Privacy) key. It is important to verify the key in copy of software you downloaded matches the key originally used to sign the software artifacdt.
You can verify the signatures using a command line interface or other software program (Kleopatra). Both methods are described below
Command line interface
- Download the Taverna key file from https://dist.apache.org/repos/dist/release/incubator/taverna/KEYS. (On Windows this can be done by typing Ctrl-S in the browser window and saving the file as keys.txt.)
Import the key file into GPG:
gpg --import keys.txt
...
AFTER you unzip the release candidate, but BEFORE you build
...