...
General getting-started information
Requirements:
- Maven
- Java
- Command line interface (e.g., GitBash (Windows), PowerShell (Windows), and UNIX Terminal)
- GPG - for verifying PGP key signatures (See download page for Windows and other OS verions. See more information.)
Additional (optional) tools:
- MD5 and SHA Checksum Utility
- Online Difference Checker (for text files)
...
Verify your environment
Verify you have the correct versions of the following software. The versions must match the requirements in the module download instructions.
- Maven
- Java
- GPG - for verifying PGP key signatures
mvn -- version
java – version
...
Download the release candidate
...
When you double-click the .exe, a window opens (see below). Browse to the release candidate .zip file, and the checksums will be displayed. (Use the checkboxes to choose which checksums you want to see.) You can copy individual checksums, or use the Copy All button. At the bottom of the window, you can paste a checksum (e.g., either from the VOTE email or from the downloaded .md5 or .sha1 files) and the utility will verify the hash is the same as that from the .zip file.
1b Check that the PGP signature is valid
Each software artifact is signed using a PGP (Pretty Good Privacy) key. It It is important to verify the key in copy of software you downloaded matches the key originally used to sign the software artifacdt.
...