How to verify ProcessOne downloads integrity

Integrity of files downloaded from ProcessOne website can be verified with checksum information.
To validate your download:

  1. Download both the file.ext and the file.ext.md5
  2. Type the following command: md5sum -c file.ext.md5

Note: Replace file.ext by the actual name of the downloaded file.

Verifying signature

The code distributed by Process-one is signed. To check the signature, you first need to have GNUPG installed and configured on your system. Then, you can go through the following steps:

  1. Import ProcessOne public keys into your keyring with the following command:
    wget -qO - https://www.process-one.net/downloads/KEYS | gpg --import
    

    This has to be done only once.

  2. Download the file.ext.asc along with your file.ext.

  3. Check the ProcessOne signature with the following command:

    gpg --verify file.tar.gz.asc`
    

Let us know what you think 💬


2 thoughts on “How to verify ProcessOne downloads integrity

  1. The link to the GPG keys you’ve provided results in an 404. The file is not there. Please correct this, because I’d like to verify your packages.

Leave a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.