content/dyn/include/closer.ezt - www-site - Git at Google

 <p>
     [if-any logo]
     <a href="[link]">
         <img alt="[logo]" src="[logo]"/>
     </a>
      [end] We suggest the following mirror
     site for your download:
 </p>
 <p>
     <a href="[preferred][path_info]">
         <strong>[preferred][path_info]</strong>
     </a>
 </p>
 <p>Other mirror sites are suggested below.</p>
 <p>
     It is essential that you
     <a href="#verify">verify the integrity</a>
      of the downloaded file using
     the PGP signature (
     <code>.asc</code>
      file) or a hash (
     <code>.md5</code>
      or
     <code>.sha*</code>
      file).
 </p>
 <p>Please only use the backup mirrors to download KEYS, PGP signatures and hashes (SHA* etc)
 -- or if no other mirrors are working.</p>
 <p>[if-any http]</p>
 <h1 id="http">
     HTTP
     <a class="headerlink" href="#http" title="Permanent link">&para;</a>
 </h1>
 <p>
     [for http]
     <a href="[http][path_info]">
         <strong>[http][path_info]</strong>
     </a>
     <br>
     </br>
     [end]
 </p>
 <p>[end]</p>
 <p>[if-any ftp]</p>
 <h1 id="ftp">
     FTP
     <a class="headerlink" href="#ftp" title="Permanent link">&para;</a>
 </h1>
 <p>
     [for ftp]
     <a href="[ftp][path_info]">
         <strong>[ftp][path_info]</strong>
     </a>
     <br>
     </br>
     [end]
 </p>
 <p>[end]</p>
 <h1 id="backup">
     Backup Sites
     <a class="headerlink" href="#backup" title="Permanent link">&para;</a>
 </h1>
 <p>Please only use the backup mirrors to download KEYS, PGP signatures and hashes (SHA* etc)
 -- or if no other mirrors are working.</p>
 <p>
     [if-any backup] [for backup]
     <a href="[backup][path_info]">
         <strong>[backup][path_info]</strong>
     </a>
     <br>
     </br>
     [end] [end]
 </p>
 <p>
     The
     <a href="http://www.apache.org/mirrors/">full listing of mirror sites</a>
      is also
     available.
 </p>
 <h1 id="verify">
     Verify the integrity of the files
     <a class="headerlink" href="#verify" title="Permanent link">&para;</a>
 </h1>
 <p>
     It is essential that you verify the integrity of the downloaded file using
     the PGP signature (
     <code>.asc</code>
      file) or a hash (
     <code>.md5</code>
      or
     <code>.sha*</code>
      file). Please read
     <a href="/info/verification.html">Verifying Apache Software
     Foundation Releases</a>
      for more information on why
     you should verify our releases.
 </p>
 <p>
     The PGP signature can be verified using PGP or GPG. First download the
     <code>KEYS</code>
      as well as the
     <code>asc</code>
      signature file for the relevant distribution.
     Make sure you get these files from the main distribution site, rather than
     from a mirror. Then verify the signatures using
 </p>
 <div class="codehilite">
     <pre>
         <span class="c">% gpg --import KEYS</span>
         <span class="c">% gpg --verify downloaded_file.asc downloaded_file</span>
     </pre>
 </div>
 <p>
     <em>or</em>
 </p>
 <div class="codehilite">
     <pre>
         <span class="c">% pgpk -a KEYS</span>
         <span class="c">% pgpv downloaded_file.asc</span>
     </pre>
 </div>
 <p>
     <em>or</em>
 </p>
 <div class="codehilite">
     <pre>
         <span class="c">% pgp -ka KEYS</span>
         <span class="c">% pgp downloaded_file.asc</span>
     </pre>
 </div>
 <p>Alternatively, you can verify the hash on the file.</p>
 <p>Hashes can be calculated using GPG:</p>
 <div class="codehilite">
     <pre>
         <span class="c">% gpg --print-md SHA256 downloaded_file</span>
     </pre>
 </div>
 <p>The output should be compared with the contents of the SHA256 file.
 Similarly for other hashes (SHA512, SHA1, MD5 etc) which may be provided.</p>
 <p>Windows 7 and later systems should all now have certUtil:</p>
 <div class="codehilite">
     <pre>
         <span class="c">% certUtil -hashfile pathToFileToCheck [HashAlgorithm]</span>
     </pre>
 </div>
 <p>HashAlgorithm choices: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512</p>
 <p>Unix-like systems (and macOS) will have a utility called
 md5, md5sum or shasum</p>
	<p>
	[if-any logo]
	<a href="[link]">
	<img alt="[logo]" src="[logo]"/>
	</a>
	[end] We suggest the following mirror
	site for your download:
	</p>
	<p>
	<a href="[preferred][path_info]">
	<strong>[preferred][path_info]</strong>
	</a>
	</p>
	<p>Other mirror sites are suggested below.</p>
	<p>
	It is essential that you
	<a href="#verify">verify the integrity</a>
	of the downloaded file using
	the PGP signature (
	<code>.asc</code>
	file) or a hash (
	<code>.md5</code>
	or
	<code>.sha*</code>
	file).
	</p>
	<p>Please only use the backup mirrors to download KEYS, PGP signatures and hashes (SHA* etc)
	-- or if no other mirrors are working.</p>
	<p>[if-any http]</p>
	<h1 id="http">
	HTTP
	<a class="headerlink" href="#http" title="Permanent link">¶</a>
	</h1>
	<p>
	[for http]
	<a href="[http][path_info]">
	<strong>[http][path_info]</strong>
	</a>
	<br>
	</br>
	[end]
	</p>
	<p>[end]</p>
	<p>[if-any ftp]</p>
	<h1 id="ftp">
	FTP
	<a class="headerlink" href="#ftp" title="Permanent link">¶</a>
	</h1>
	<p>
	[for ftp]
	<a href="[ftp][path_info]">
	<strong>[ftp][path_info]</strong>
	</a>
	<br>
	</br>
	[end]
	</p>
	<p>[end]</p>
	<h1 id="backup">
	Backup Sites
	<a class="headerlink" href="#backup" title="Permanent link">¶</a>
	</h1>
	<p>Please only use the backup mirrors to download KEYS, PGP signatures and hashes (SHA* etc)
	-- or if no other mirrors are working.</p>
	<p>
	[if-any backup] [for backup]
	<a href="[backup][path_info]">
	<strong>[backup][path_info]</strong>
	</a>
	<br>
	</br>
	[end] [end]
	</p>
	<p>
	The
	<a href="http://www.apache.org/mirrors/">full listing of mirror sites</a>
	is also
	available.
	</p>
	<h1 id="verify">
	Verify the integrity of the files
	<a class="headerlink" href="#verify" title="Permanent link">¶</a>
	</h1>
	<p>
	It is essential that you verify the integrity of the downloaded file using
	the PGP signature (
	<code>.asc</code>
	file) or a hash (
	<code>.md5</code>
	or
	<code>.sha*</code>
	file). Please read
	<a href="/info/verification.html">Verifying Apache Software
	Foundation Releases</a>
	for more information on why
	you should verify our releases.
	</p>
	<p>
	The PGP signature can be verified using PGP or GPG. First download the
	<code>KEYS</code>
	as well as the
	<code>asc</code>
	signature file for the relevant distribution.
	Make sure you get these files from the main distribution site, rather than
	from a mirror. Then verify the signatures using
	</p>
	<div class="codehilite">
	<pre>
	<span class="c">% gpg --import KEYS</span>
	<span class="c">% gpg --verify downloaded_file.asc downloaded_file</span>
	</pre>
	</div>
	<p>
	<em>or</em>
	</p>
	<div class="codehilite">
	<pre>
	<span class="c">% pgpk -a KEYS</span>
	<span class="c">% pgpv downloaded_file.asc</span>
	</pre>
	</div>
	<p>
	<em>or</em>
	</p>
	<div class="codehilite">
	<pre>
	<span class="c">% pgp -ka KEYS</span>
	<span class="c">% pgp downloaded_file.asc</span>
	</pre>
	</div>
	<p>Alternatively, you can verify the hash on the file.</p>
	<p>Hashes can be calculated using GPG:</p>
	<div class="codehilite">
	<pre>
	<span class="c">% gpg --print-md SHA256 downloaded_file</span>
	</pre>
	</div>
	<p>The output should be compared with the contents of the SHA256 file.
	Similarly for other hashes (SHA512, SHA1, MD5 etc) which may be provided.</p>
	<p>Windows 7 and later systems should all now have certUtil:</p>
	<div class="codehilite">
	<pre>
	<span class="c">% certUtil -hashfile pathToFileToCheck [HashAlgorithm]</span>
	</pre>
	</div>
	<p>HashAlgorithm choices: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512</p>
	<p>Unix-like systems (and macOS) will have a utility called
	md5, md5sum or shasum</p>