How to verify ProcessOne downloads integrity

Integrity of files downloaded from ProcessOne website can be verified with checksum information.
To validate your download:

  1. Download both the file.ext and the file.ext.sum
  2. Type the following command: shasum -c file.ext.sum
  3. The command should reply: OK

Note: Replace file.ext by the actual name of the downloaded file.


Verifying signature

The code distributed by Process-one is signed. To check the signature, you first need to have GNUPG installed and configured on your system. Then, you can go through the following steps:

  1. Import ProcessOne public keys into your keyring with the following command:
    wget -qO - https://www.process-one.net/downloads/KEYS | gpg --import
    This has to be done only once.
  2. Download the file.ext.asc along with your file.ext.
  3. Check the ProcessOne signature with the following command: gpg --verify file.tar.gz.asc
Subscribe to our newsletters: