title | extraHeaders | extraJs |
---|---|---|
Download |
google-analytics-downloads-header.html |
post-download-script.html |
If you had an issue or your download did not start, please click here to try again.
Verify Hash and Signature of Zowe Binary
These commands are tested on both Mac OS X v10.13.6 and Ubuntu v17.11.
You can download hash code file zowe-1.0.0.pax.sha512, then use this command to check:
(gpg --print-md SHA512 zowe-1.0.0.pax > zowe-1.0.0.pax.sha512.my) && diff
zowe-1.0.0.pax.sha512.my zowe-1.0.0.pax.sha512 && echo matched || echo "not match"
If you see "matched" means the binary you have downloaded is the same one that was officially distributed by the Zowe project. You can delete temporary "zowe-1.0.0.pax.sha512.my" after that.
You can also use other commands, like "sha512
", "sha512sum
", or "openssl
dgst -sha512
" to generate SHA512 hash code. Just those hash code results are in a
different format from what we provided but the values should be the same.
<h2><b>Step 2</b> - Verify With Signature File</h2>
<p>In addition to the SHA512 hash we ensure that the hash is verifiable as well. This is done by digitally
signing the hash text file with a KEY from one of the Zowe developers.</p><br>
<p>You can download the signature file <b><a id="signature_download"
href="https://zowe.jfrog.io/zowe/list/libs-release-local/org/zowe/1.0.0/zowe-1.0.0.pax.asc">zowe-1.0.0.pax.asc</a></b>,
and public key <strong><a id="keyfile"
href="https://raw.githubusercontent.com/zowe/zowe-install-packaging/master/signing_keys/KEYS.jack"
download target="_blank">KEYS</a></strong>.</p>
<p>There are few steps:</p>
<ol class="verify-list">
<li>Import the public key with command: <code id="keyfile_import_command">gpg --import KEYS</code></li>
<li>If you never use gpg before, you may need to generate keys first: <code>gpg --gen-key</code>.
Otherwise, please proceed to next step.</li>
<li>Sign the downloaded public key with command: <code id="gpg-sign-key">gpg --sign-key KEY</code></li>
<li>Verify the file with command: <code id="gpg_command">gpg --verify zowe-1.0.0.pax.asc zowe-1.0.0.pax</code></li>
<li>You can remove the imported key with command: <code id="gpg-delete-key">gpg --delete-key KEY</code></li>
</ol>
<p>If you see output like this that matches the info in the public key you downloaded you can be assured
that the binary file you have has come from the Zowe project.</p>
<code>
gpg: using RSA key <span id="key_id">KEY</span><br>
gpg: Good signature from "<span id="key_signer">SIGNER (CODE SIGNING KEY)</span> " [full]
</code>
Read the Zowe Documentation at docs.zowe.org
After you download the Zowe package, you're ready to get started. Read the Zowe documentation to review the system requirements and follow the instructions to install Zowe.
Provide feedback and contribute to Zowe on GitHub
View the source code, provide feedback, and contribute to the project through Zowe GitHub.