Skip to content

Latest commit

 

History

History
61 lines (59 loc) · 3.96 KB

post_download.md

File metadata and controls

61 lines (59 loc) · 3.96 KB
title extraHeaders extraJs
Download
google-analytics-downloads-header.html
post-download-script.html

Thank you for downloading the Zowe binary

If you had an issue or your download did not start, please click here to try again.


Verify Hash and Signature of Zowe Binary

These commands are tested on both Mac OS X v10.13.6 and Ubuntu v17.11.


Step 1 - Verify Hash Code

You can download hash code file zowe-1.0.0.pax.sha512, then use this command to check:

(gpg --print-md SHA512 zowe-1.0.0.pax > zowe-1.0.0.pax.sha512.my) && diff zowe-1.0.0.pax.sha512.my zowe-1.0.0.pax.sha512 && echo matched || echo "not match"

If you see "matched" means the binary you have downloaded is the same one that was officially distributed by the Zowe project. You can delete temporary "zowe-1.0.0.pax.sha512.my" after that.


You can also use other commands, like "sha512", "sha512sum", or "openssl dgst -sha512" to generate SHA512 hash code. Just those hash code results are in a different format from what we provided but the values should be the same.

<h2><b>Step 2</b> - Verify With Signature File</h2>
<p>In addition to the SHA512 hash we ensure that the hash is verifiable as well. This is done by digitally
  signing the hash text file with a KEY from one of the Zowe developers.</p><br>
<p>You can download the signature file <b><a id="signature_download"
      href="https://zowe.jfrog.io/zowe/list/libs-release-local/org/zowe/1.0.0/zowe-1.0.0.pax.asc">zowe-1.0.0.pax.asc</a></b>,
  and public key <strong><a id="keyfile"
      href="https://raw.githubusercontent.com/zowe/zowe-install-packaging/master/signing_keys/KEYS.jack"
      download target="_blank">KEYS</a></strong>.</p>
<p>There are few steps:</p>
<ol class="verify-list">
  <li>Import the public key with command: <code id="keyfile_import_command">gpg --import KEYS</code></li>
  <li>If you never use gpg before, you may need to generate keys first: <code>gpg --gen-key</code>.
    Otherwise, please proceed to next step.</li>
  <li>Sign the downloaded public key with command: <code id="gpg-sign-key">gpg --sign-key KEY</code></li>
  <li>Verify the file with command: <code id="gpg_command">gpg --verify zowe-1.0.0.pax.asc zowe-1.0.0.pax</code></li>
  <li>You can remove the imported key with command: <code id="gpg-delete-key">gpg --delete-key KEY</code></li>
</ol>
<p>If you see output like this that matches the info in the public key you downloaded you can be assured
  that the binary file you have has come from the Zowe project.</p>
<code>
  gpg: &nbsp; &nbsp; &nbsp; &nbsp; using RSA key <span id="key_id">KEY</span><br>
  gpg: Good signature from "<span id="key_signer">SIGNER (CODE SIGNING KEY)</span> " [full]
</code>

Read the Zowe Documentation at docs.zowe.org

After you download the Zowe package, you're ready to get started. Read the Zowe documentation to review the system requirements and follow the instructions to install Zowe.

Provide feedback and contribute to Zowe on GitHub

View the source code, provide feedback, and contribute to the project through Zowe GitHub.