| <h1 id="verify">Verify the integrity of the files<a class="headerlink" href="#verify" title="Permanent link">¶</a></h1> |
| <p>It is essential that you verify the integrity of the downloaded file using |
| the PGP signature (<code>.asc</code> file) or a hash (<code>.md5</code> or <code>.sha*</code> file). Please read <a href="/info/verification.html">Verifying Apache Software |
| Foundation Releases</a> for more information on why |
| you should verify our releases.</p> |
| <p>The PGP signature can be verified using PGP or GPG. First download the |
| <code>KEYS</code> as well as the <code>asc</code> signature file for the relevant distribution. |
| Make sure you get these files from the main distribution site, rather than |
| from a mirror. Then verify the signatures using</p> |
| <div class="codehilite"><pre><span class="c">% gpg --import KEYS</span> |
| <span class="c">% gpg --verify downloaded_file.asc downloaded_file</span> |
| </pre></div> |
| |
| |
| <p><em>or</em></p> |
| <div class="codehilite"><pre><span class="c">% pgpk -a KEYS</span> |
| <span class="c">% pgpv downloaded_file.asc</span> |
| </pre></div> |
| |
| |
| <p><em>or</em></p> |
| <div class="codehilite"><pre><span class="c">% pgp -ka KEYS</span> |
| <span class="c">% pgp downloaded_file.asc</span> |
| </pre></div> |
| |
| |
| <p>Alternatively, you can verify the MD5 hash on the file. A unix |
| program called <code>md5</code> or <code>md5sum</code> is included in many unix distributions. It |
| is also available as part of |
| <a href="http://www.gnu.org/software/textutils/textutils.html">GNU Textutils</a>. |
| Windows users can get binary md5 programs from |
| <a href="http://www.fourmilab.ch/md5/">here</a>, |
| <a href="http://www.pc-tools.net/win32/freeware/console/">here</a> , or |
| <a href="http://www.slavasoft.com/fsum/">here</a>.</p> |