docs-archive/apache-airflow/2.1.4/_sources/installation/installing-from-sources.rst.txt - airflow-site - Git at Google

  .. Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements.  See the NOTICE file
     distributed with this work for additional information
     regarding copyright ownership.  The ASF licenses this file
     to you under the Apache License, Version 2.0 (the
     "License"); you may not use this file except in compliance
     with the License.  You may obtain a copy of the License at

  ..   http://www.apache.org/licenses/LICENSE-2.0

  .. Unless required by applicable law or agreed to in writing,
     software distributed under the License is distributed on an
     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     KIND, either express or implied.  See the License for the
     specific language governing permissions and limitations
     under the License.

 Installing from Sources
 -----------------------

 .. contents:: :local:


 Released packages
 '''''''''''''''''

 .. jinja:: official_download_page

     This page describes downloading and verifying ``Apache Airflow`` version
     ``{{ airflow_version }}`` using officially released packages.
     You can also install ``Apache Airflow`` - as most Python packages - via :doc:`PyPI <installing-from-pypi>`.
     You can choose different version of Airflow by selecting different version from the drop-down at
     the top-left of the page.

 The ``source``, ``sdist`` and ``whl`` packages released are the "official" sources of installation that you
 can use if you want to verify the origin of the packages and want to verify checksums and signatures of
 the packages. The packages are available via the
 `Official Apache Software Foundations Mirrors <http://ws.apache.org/mirrors.cgi>`_


 The |version| downloads are available at:

 .. jinja:: official_download_page

     * `Sources package <{{ closer_lua_url }}/apache-airflow-{{ airflow_version }}-source.tar.gz>`__ (`asc <{{ base_url }}/apache_airflow-{{ airflow_version }}-source.tar.gz.asc>`__, `sha512 <{{ base_url }}/apache-airflow-{{ airflow_version }}-source.tar.gz.sha512>`__)
     * `Sdist package <{{ closer_lua_url }}/apache-airflow-{{ airflow_version }}.tar.gz>`__ (`asc <{{ base_url }}/apache-airflow-{{ airflow_version }}.tar.gz.asc>`__, `sha512 <{{ base_url }}/apache-airflow-{{ airflow_version }}.tar.gz.sha512>`__)
     * `Whl package <{{ closer_lua_url }}/apache_airflow-{{ airflow_version }}-py3-none-any.whl>`__ (`asc <{{ base_url }}/apache_airflow-{{ airflow_version }}-py3-none-any.whl.asc>`__, `sha512 <{{ base_url }}/apache_airflow-{{ airflow_version }}-py3-none-any.whl.sha512>`__)

 If you want to install from the source code, you can download from the sources link above, it will contain
 a ``INSTALL`` file containing details on how you can build and install Airflow.

 Release integrity
 '''''''''''''''''

 `PGP signatures KEYS <https://downloads.apache.org/airflow/KEYS>`__

 It is essential that you verify the integrity of the downloaded files using the PGP or SHA signatures.
 The PGP signatures can be verified using GPG or PGP. Please download the KEYS as well as the asc
 signature files for relevant distribution. It is recommended to get these files from the
 main distribution directory and not from the mirrors.

 .. code-block:: bash

     gpg -i KEYS

 or

 .. code-block:: bash

     pgpk -a KEYS

 or

 .. code-block:: bash

     pgp -ka KEYS

 To verify the binaries/sources you can download the relevant asc files for it from main
 distribution directory and follow the below guide.

 .. code-block:: bash

     gpg --verify apache-airflow-********.asc apache-airflow-*********

 or

 .. code-block:: bash

     pgpv apache-airflow-********.asc

 or

 .. code-block:: bash

     pgp apache-airflow-********.asc

 Example:

 .. code-block:: console
     :substitutions:

     $ gpg --verify apache-airflow-|version|-source.tar.gz.asc apache-airflow-|version|-source.tar.gz
       gpg: Signature made Sat 11 Sep 12:49:54 2021 BST
       gpg:                using RSA key CDE15C6E4D3A8EC4ECF4BA4B6674E08AD7DE406F
       gpg:                issuer "kaxilnaik@apache.org"
       gpg: Good signature from "Kaxil Naik <kaxilnaik@apache.org>" [unknown]
       gpg:                 aka "Kaxil Naik <kaxilnaik@gmail.com>" [unknown]
       gpg: WARNING: The key's User ID is not certified with a trusted signature!
       gpg:          There is no indication that the signature belongs to the owner.
       Primary key fingerprint: CDE1 5C6E 4D3A 8EC4 ECF4  BA4B 6674 E08A D7DE 406F

 The "Good signature from ..." is indication that the signatures are correct.
 Do not worry about the "not certified with a trusted signature" warning. Most of the certificates used
 by release managers are self signed, that's why you get this warning. By importing the server in the
 previous step and importing it via ID from ``KEYS`` page, you know that this is a valid Key already.

 For SHA512 sum check, download the relevant ``sha512`` and run the following:

 .. code-block:: bash

     shasum -a 512 apache-airflow--********  | diff - apache-airflow--********.sha512

 The ``SHASUM`` of the file should match the one provided in ``.sha512`` file.

 Example:

 .. code-block:: bash
     :substitutions:

     shasum -a 512 apache-airflow-|version|-source.tar.gz  | diff - apache-airflow-|version|-source.tar.gz.sha512


 Verifying PyPI releases
 '''''''''''''''''''''''

 You can verify the Airflow ``.whl`` packages from PyPI by locally downloading the package and signature
 and SHA sum files with the script below:


 .. jinja:: official_download_page

     .. code-block:: bash

         #!/bin/bash
         AIRFLOW_VERSION="{{ airflow_version }}"
         airflow_download_dir="$(mktemp -d)"
         pip download --no-deps "apache-airflow==${AIRFLOW_VERSION}" --dest "${airflow_download_dir}"
         curl "https://downloads.apache.org/airflow/${AIRFLOW_VERSION}/apache_airflow-${AIRFLOW_VERSION}-py3-none-any.whl.asc" \
             -L -o "${airflow_download_dir}/apache_airflow-${AIRFLOW_VERSION}-py3-none-any.whl.asc"
         curl "https://downloads.apache.org/airflow/${AIRFLOW_VERSION}/apache_airflow-${AIRFLOW_VERSION}-py3-none-any.whl.sha512" \
             -L -o "${airflow_download_dir}/apache_airflow-${AIRFLOW_VERSION}-py3-none-any.whl.sha512"
         echo
         echo "Please verify files downloaded to ${airflow_download_dir}"
         ls -la "${airflow_download_dir}"
         echo

 Once you verify the files following the instructions from previous chapter you can remove the temporary
 folder created.
	.. Licensed to the Apache Software Foundation (ASF) under one
	or more contributor license agreements. See the NOTICE file
	distributed with this work for additional information
	regarding copyright ownership. The ASF licenses this file
	to you under the Apache License, Version 2.0 (the
	"License"); you may not use this file except in compliance
	with the License. You may obtain a copy of the License at

	.. http://www.apache.org/licenses/LICENSE-2.0

	.. Unless required by applicable law or agreed to in writing,
	software distributed under the License is distributed on an
	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	KIND, either express or implied. See the License for the
	specific language governing permissions and limitations
	under the License.

	Installing from Sources
	-----------------------

	.. contents:: :local:


	Released packages
	'''''''''''''''''

	.. jinja:: official_download_page

	This page describes downloading and verifying ``Apache Airflow`` version
	``{{ airflow_version }}`` using officially released packages.
	You can also install ``Apache Airflow`` - as most Python packages - via :doc:`PyPI <installing-from-pypi>`.
	You can choose different version of Airflow by selecting different version from the drop-down at
	the top-left of the page.

	The ``source``, ``sdist`` and ``whl`` packages released are the "official" sources of installation that you
	can use if you want to verify the origin of the packages and want to verify checksums and signatures of
	the packages. The packages are available via the
	`Official Apache Software Foundations Mirrors <http://ws.apache.org/mirrors.cgi>`_


	The \|version\| downloads are available at:

	.. jinja:: official_download_page

	* `Sources package <{{ closer_lua_url }}/apache-airflow-{{ airflow_version }}-source.tar.gz>`__ (`asc <{{ base_url }}/apache_airflow-{{ airflow_version }}-source.tar.gz.asc>`__, `sha512 <{{ base_url }}/apache-airflow-{{ airflow_version }}-source.tar.gz.sha512>`__)
	* `Sdist package <{{ closer_lua_url }}/apache-airflow-{{ airflow_version }}.tar.gz>`__ (`asc <{{ base_url }}/apache-airflow-{{ airflow_version }}.tar.gz.asc>`__, `sha512 <{{ base_url }}/apache-airflow-{{ airflow_version }}.tar.gz.sha512>`__)
	* `Whl package <{{ closer_lua_url }}/apache_airflow-{{ airflow_version }}-py3-none-any.whl>`__ (`asc <{{ base_url }}/apache_airflow-{{ airflow_version }}-py3-none-any.whl.asc>`__, `sha512 <{{ base_url }}/apache_airflow-{{ airflow_version }}-py3-none-any.whl.sha512>`__)

	If you want to install from the source code, you can download from the sources link above, it will contain
	a ``INSTALL`` file containing details on how you can build and install Airflow.

	Release integrity
	'''''''''''''''''

	`PGP signatures KEYS <https://downloads.apache.org/airflow/KEYS>`__

	It is essential that you verify the integrity of the downloaded files using the PGP or SHA signatures.
	The PGP signatures can be verified using GPG or PGP. Please download the KEYS as well as the asc
	signature files for relevant distribution. It is recommended to get these files from the
	main distribution directory and not from the mirrors.

	.. code-block:: bash

	gpg -i KEYS

	or

	.. code-block:: bash

	pgpk -a KEYS

	or

	.. code-block:: bash

	pgp -ka KEYS

	To verify the binaries/sources you can download the relevant asc files for it from main
	distribution directory and follow the below guide.

	.. code-block:: bash

	gpg --verify apache-airflow-******.asc apache-airflow-*******

	or

	.. code-block:: bash

	pgpv apache-airflow-********.asc

	or

	.. code-block:: bash

	pgp apache-airflow-********.asc

	Example:

	.. code-block:: console
	:substitutions:

	$ gpg --verify apache-airflow-\|version\|-source.tar.gz.asc apache-airflow-\|version\|-source.tar.gz
	gpg: Signature made Sat 11 Sep 12:49:54 2021 BST
	gpg: using RSA key CDE15C6E4D3A8EC4ECF4BA4B6674E08AD7DE406F
	gpg: issuer "kaxilnaik@apache.org"
	gpg: Good signature from "Kaxil Naik <kaxilnaik@apache.org>" [unknown]
	gpg: aka "Kaxil Naik <kaxilnaik@gmail.com>" [unknown]
	gpg: WARNING: The key's User ID is not certified with a trusted signature!
	gpg: There is no indication that the signature belongs to the owner.
	Primary key fingerprint: CDE1 5C6E 4D3A 8EC4 ECF4 BA4B 6674 E08A D7DE 406F

	The "Good signature from ..." is indication that the signatures are correct.
	Do not worry about the "not certified with a trusted signature" warning. Most of the certificates used
	by release managers are self signed, that's why you get this warning. By importing the server in the
	previous step and importing it via ID from ``KEYS`` page, you know that this is a valid Key already.

	For SHA512 sum check, download the relevant ``sha512`` and run the following:

	.. code-block:: bash

	shasum -a 512 apache-airflow--****** \| diff - apache-airflow--******.sha512

	The ``SHASUM`` of the file should match the one provided in ``.sha512`` file.

	Example:

	.. code-block:: bash
	:substitutions:

	shasum -a 512 apache-airflow-\|version\|-source.tar.gz \| diff - apache-airflow-\|version\|-source.tar.gz.sha512


	Verifying PyPI releases
	'''''''''''''''''''''''

	You can verify the Airflow ``.whl`` packages from PyPI by locally downloading the package and signature
	and SHA sum files with the script below:


	.. jinja:: official_download_page

	.. code-block:: bash

	#!/bin/bash
	AIRFLOW_VERSION="{{ airflow_version }}"
	airflow_download_dir="$(mktemp -d)"
	pip download --no-deps "apache-airflow==${AIRFLOW_VERSION}" --dest "${airflow_download_dir}"
	curl "https://downloads.apache.org/airflow/${AIRFLOW_VERSION}/apache_airflow-${AIRFLOW_VERSION}-py3-none-any.whl.asc" \
	-L -o "${airflow_download_dir}/apache_airflow-${AIRFLOW_VERSION}-py3-none-any.whl.asc"
	curl "https://downloads.apache.org/airflow/${AIRFLOW_VERSION}/apache_airflow-${AIRFLOW_VERSION}-py3-none-any.whl.sha512" \
	-L -o "${airflow_download_dir}/apache_airflow-${AIRFLOW_VERSION}-py3-none-any.whl.sha512"
	echo
	echo "Please verify files downloaded to ${airflow_download_dir}"
	ls -la "${airflow_download_dir}"
	echo

	Once you verify the files following the instructions from previous chapter you can remove the temporary
	folder created.