It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures. The PGP signatures can be verified using PGP or GPG. Begin by following these steps:
$ pgpk -a KEYS $ pgpv apache-activemq-<version>-bin.tar.gz.ascor
$ pgp -ka KEYS $ pgp apache-activemq-<version>-bin.tar.gz.ascor
$ gpg --import KEYS $ gpg --verify apache-activemq-<version>-bin.tar.gz.asc
(Where is replaced with the actual version, e.g., 5.1.0, 5.2.0, etc.).
Alternatively, you can verify the MD5 signature on the files. A Unix program called md5
or md5sum
is included in most Linux and Unix distributions. It is also available as part of GNU Textutils. Windows users can utilize any of the following md5 programs: