THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
In addition to the prerequisites listed in the README file, you will also need:
- A command line interface (e.g., UNIX Terminal, GitBash (Windows), or PowerShell (Windows).
- GPG - for verifying PGP key signatures. (See download page for Windows and other OS versions. See also Apache verification information and GPG Windows information.)
In addition, you You may find the following tools useful.
- MD5 and SHA Checksum Utility
- Online Difference Checker (for text files)
...
- Create a temporary directory for the release candidate.
- Open the VOTE email, and click the release candidate link. This will open a web page with four additional links: .zip (the release candidate),.asc (the signature file), .md5 (the md5 hash file), andand .sha1 (the sha1 hash file). (See sections 1a and b below for information about signature and hash files.)
- Download the files to your computer by clicking on each of the four links and download the files to your computer. (You may need to save a file from the browser to text. Make sure the browser does not append ".txt" to the file.)
...
To generate checksums, navigate to the directory containing the .zip file and run the CertUtil command. Append SHA512 and MD5, as shown below, to generate those checksums. (The default gives you the SHA1 checksum.) Is the intent to make sure that the checksums from all 3 sources are identical?
...
Check using the MD5 and SHA Checksum Utility
...
- Open the MD5 and SHA Checksum Utility (double-click the .exe), a window opens (see below).
- Browse to the release candidate .zip file, and the checksums will be displayed. (Use the checkboxes to choose which checksums you want to see.)
- You can copy individual checksums, or use the Copy All button. You can use a text difference checker to compare the checksum to that from the email or the sha1 or md5 files.
- At the bottom of the window, you can also paste a checksum (e.g., either from the VOTE email or from the downloaded .md5 or .sha1 files) and the utility will verify the hash is the same as that from the .zip file.
1b Check that the PGP signature is valid
...