From 3a7ecaca960b636bf780115f85f714bfb471bcc7 Mon Sep 17 00:00:00 2001 From: tison Date: Sun, 28 Apr 2024 23:50:55 +0800 Subject: [PATCH] docs: add download page Signed-off-by: tison --- docs/source/download.md | 66 +++++++++++++++++++++++++ docs/source/index.rst | 3 +- docs/source/user-guide/example-usage.md | 2 +- 3 files changed, 69 insertions(+), 2 deletions(-) create mode 100644 docs/source/download.md diff --git a/docs/source/download.md b/docs/source/download.md new file mode 100644 index 0000000000000..0684e97e9c2da --- /dev/null +++ b/docs/source/download.md @@ -0,0 +1,66 @@ + + +# Download + +The official Apache DataFusion releases are provided as source artifacts. + +## Releases + +The latest source release is [37.0.0][source-link] ([asc][asc-link], +[sha512][sha512-link]). + +[source-link]: https://www.apache.org/dyn/closer.lua/arrow/arrow-datafusion-37.0.0/apache-arrow-datafusion-37.0.0.tar.gz?action=download +[asc-link]: https://www.apache.org/dyn/closer.lua/arrow/arrow-datafusion-37.0.0/apache-arrow-datafusion-37.0.0.tar.gz.asc?action=download +[sha512-link]: https://www.apache.org/dyn/closer.lua/arrow/arrow-datafusion-37.0.0/apache-arrow-datafusion-37.0.0.tar.gz.sha512?action=download + +For older releases, please check the [archive](https://archive.apache.org/dist/datafusion/). + +For even older releases when DataFusion is a subproject of Apache Arrow, please check [Arrow's archive](https://archive.apache.org/dist/arrow/). + +## Notes + +- When downloading a release, please verify the OpenPGP compatible signature (or failing that, check the SHA-512); these should be fetched from the main Apache site. +- The KEYS file contains the public keys used for signing release. It is recommended that (when possible) a web of trust is used to confirm the identity of these keys. +- Please download the [KEYS](https://downloads.apache.org/datafusion/KEYS) as well as the .asc signature files. + +### To verify the signature of the release artifact + +You will need to download both the release artifact and the .asc signature file for that artifact. Then verify the signature by: + +- Download the KEYS file and the .asc signature files for the relevant release artifacts. +- Import the KEYS file to your GPG keyring: + + ```shell + gpg --import KEYS + ``` + +- Verify the signature of the release artifact using the following command: + + ```shell + gpg --verify .asc + ``` + +### To verify the checksum of the release artifact + +You will need to download both the release artifact and the .sha512 checksum file for that artifact. Then verify the checksum by: + +```shell +shasum -a 512 -c .sha512 +``` diff --git a/docs/source/index.rst b/docs/source/index.rst index 84d920bd66c93..50c22d50587bd 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -66,10 +66,11 @@ Please see the `developer’s guide`_ for contributing and `communication`_ for :maxdepth: 1 :caption: Links - Github and Issue Tracker + GitHub and Issue Tracker crates.io API Docs Code of conduct + Download .. _toc.guide: .. toctree:: diff --git a/docs/source/user-guide/example-usage.md b/docs/source/user-guide/example-usage.md index 2fb4e55d698d1..ae45c98d74832 100644 --- a/docs/source/user-guide/example-usage.md +++ b/docs/source/user-guide/example-usage.md @@ -36,7 +36,7 @@ tokio = "1.0" ## Add latest non published DataFusion dependency DataFusion changes are published to `crates.io` according to [release schedule](https://github.com/apache/datafusion/blob/main/dev/release/README.md#release-process) -In case if it is required to test out DataFusion changes which are merged but yet to be published, Cargo supports adding dependency directly to Github branch +In case if it is required to test out DataFusion changes which are merged but yet to be published, Cargo supports adding dependency directly to GitHub branch ```toml datafusion = { git = "https://github.com/apache/datafusion", branch = "main"}