If you had an issue or your download didnt't start, please click here to try again.
These commands are tested on both Mac OS X v10.13.6 and Ubuntu v17.11.
You can download hash code file zowe-1.0.0.pax.sha512, then use this command to check:
(gpg --print-md SHA512 zowe-1.0.0.pax > zowe-1.0.0.pax.sha512.my) && diff zowe-1.0.0.pax.sha512.my zowe-1.0.0.pax.sha512 && echo matched || echo "not match"
If you see "matched" means the binary you have downloaded is the same one that was officially distributed by the Zowe project. You can delete temporary "zowe-1.0.0.pax.sha512.my" after that.
You can also use other commands, like "
sha512sum", or "
openssl dgst -sha512" to generate SHA512 hash code. Just those hash code results are in a different format from what we provided but the values should be the same.
In addition to the SHA512 hash we ensure that the hash is verifiable as well. This is done by digitally signing the hash text file with a KEY from one of the Zowe developers.
You can download the signature file zowe-1.0.0.pax.asc, and public key KEYS.
There are few steps:
gpg --import KEYS
gpg --gen-key. Otherwise, please proceed to next step.
gpg --sign-key KEY
gpg --verify zowe-1.0.0.pax.asc zowe-1.0.0.pax
gpg --delete-key KEY
If you see output like this that matches the info in the public key you downloaded you can be assured that the binary file you have has come from the Zowe project.
gpg: using RSA key KEY
gpg: Good signature from "SIGNER (CODE SIGNING KEY) " [full]
After you download the Zowe package, you're ready to get started. Read the Zowe documentation to review the system requirements and follow the instructions to install Zowe.
View the source code, provide feedback, and contribute to the project through Zowe GitHub.