ASF Infra Download Integrity Checker

Clone this repo:

Branches

  1. 4279207 Another TODO by Sebb · 3 weeks ago main
  2. 73cfc67 Update docs by Sebb · 3 weeks ago
  3. 54ffdba Merge pull request #3 from apache/patch-gnupg-plugin by sebbASF · 3 weeks ago
  4. b51882c Indicate unused by Sebb · 3 weeks ago
  5. f47db3b Other entries seen on dist by Sebb · 3 weeks ago

Download Integrity Checker for ASF Infra

This service runs as a Pipservice and verifies download artifacts using their accompanying chekcums and detached signatures, as per our release distribution policies ( outlined at https://infra.apache.org/release-distribution.html ).

When a mismatch is detected, projects (and infra) are notified of this via email.

TODO

  • check all directories and files for errors in sigs and hashes (not just some extensions)
  • where a project has multiple KEYS files, use the appropriate (closest) one only for checking