blob: 5d4b7dc59d87ea9854c593a718e3121e0bfe8b55 [file]
# Apache OpenDALâ„¢ Downloads
The official Apache OpenDAL releases are provided as source artifacts.
## Releases
import DownloadLink from '@site/src/components/DownloadLink';
The latest source release is <DownloadLink/>.
For older releases, please check the [archive](https://archive.apache.org/dist/opendal/).
For even older releases during the incubating phase, please check the [incubator archive](https://archive.apache.org/dist/incubator/opendal/).
## Notes
* When downloading a release, please verify the OpenPGP compatible signature (or failing that, check the SHA-512); these should be fetched from the main Apache site.
* The KEYS file contains the public keys used for signing release. It is recommended that (when possible) a web of trust is used to confirm the identity of these keys.
* Please download the [KEYS](https://downloads.apache.org/opendal/KEYS) as well as the .asc signature files.
### To verify the signature of the release artifact
You will need to download both the release artifact and the .asc signature file for that artifact. Then verify the signature by:
* Download the KEYS file and the .asc signature files for the relevant release artifacts.
* Import the KEYS file to your GPG keyring:
```shell
gpg --import KEYS
```
* Verify the signature of the release artifact using the following command:
```shell
gpg --verify <artifact>.asc <artifact>
```
### To verify the checksum of the release artifact
You will need to download both the release artifact and the .sha512 checksum file for that artifact. Then verify the checksum by:
```shell
shasum -a 512 -c <artifact>.sha512
```