Integrity of files downloaded from ProcessOne website can be verified with checksum information.
To validate your download:
- Download both the
- On Linux, type the following command:
sha256sum -c file.ext.sum
On macOS, type the following command:
openssl sha256 file.ext tail -f file.ext.sum
Compare the first hash with the contents of the
file.ext by the actual name of the downloaded file.
The code distributed by ProcessOne is signed. To check the signature, you first need to have GNUPG installed and configured on your system. Then, you can go through the following steps:
- Import ProcessOne public keys into your keyring with the following command. This has to be done only once:
wget -qO - https://www.process-one.net/downloads/KEYS | gpg --import
- Download the
file.ext.ascalong with your
Check the ProcessOne signature with the following command:
gpg --verify file.tar.gz.asc`
Successful verification contains the text
Good signature from Process-one.