Is for the Apache HTTP Server project, but applies equally to other ASF The following example details how signature interaction works. Only if you check the hash can you be certain that your download hasn't been modified or is otherwise incomplete or faulty. Then compare it with the published checksum of the original. To check a hash, you have to compute the proper checksum of the file The download page shows which checksum files MD5 and SHA-1, which may have been used for older releases, are deprecated. Two files are (only) equal if their checksums are equal.Ĭomparing the checksums of two files is as good as comparing the two files Uniquely identifies the contents of the file.
The checksum of a file is a fixed length string, that (in practice)
They do not provide any guarantees as to the authenticity of the file. Checking Hashes ¶įile hashes are used to check that a file has been downloaded correctly. Signatures and checksums are only available from the official Apache Software Foundation site. PGP signatures and SHA/MD5 checksums are available along with the distribution.
#Validate checksum how to#
This page describes how to verify a file you have downloaded from an Apache product releases page, or from the Apache archive,Īll official releases of code distributed by the Apache Software FoundationĪre signed by the release manager for the release. Verifying Apache Software Foundation Releases ¶
0 kommentar(er)
