Integrity of files downloaded from ProcessOne website can be verified with checksum information.
To validate your download:
- Download both the
file.ext
and thefile.ext.sum
. - On Linux, type the following command:
sha256sum -c file.ext.sum
On macOS, type the following command:
openssl sha256 file.ext tail -f file.ext.sum
Compare the first hash with the contents of the
file.ext.sum
file.
Note: Replace file.ext
by the actual name of the downloaded file.
Verifying signature
The code distributed by ProcessOne is signed. To check the signature, you first need to have GNUPG installed and configured on your system. Then, you can go through the following steps:
- Import ProcessOne public keys into your keyring with the following command. This has to be done only once:
wget -qO - https://www.process-one.net/downloads/KEYS | gpg --import
- Download the
file.ext.asc
along with yourfile.ext
. -
Check the ProcessOne signature with the following command:
gpg --verify file.tar.gz.asc`
Successful verification contains the text
Good signature from Process-one
.
The link to the GPG keys you’ve provided results in an 404. The file is not there. Please correct this, because I’d like to verify your packages.
Sorry about that, the KEYS file is now available.