How to verify 3YOURMIND installation package
This document describes how to verify the integrity of the 3YOURMIND deployable artifacts.
The EMail from 3YOURMIND containing the artifact will contain 4 links to 4 files:
The Archive
3yd-helm.tgz
The GPG public key (always the same)
release-key.asc
The checksum of the archive
sha256.sum
The signature of the checksum
sha256.sum.sig
Import the Release Key
In order to validate the signature, import the release-key as follows:
gpg --import release-key.asc
Then set the owner trust to something to ultimate:
gpg --edit-key A0958AFDC814773189A8B35C46E54501B9FD10A4 trust
[Input]: 5
[Input]: y
[Input]: quit
This should only be done one time. The release key does not change.
Check validity:
To check the integrity of the code package follow the following steps:
Download all 4 files into one folder
Check the Checksum
echo "$(cat sha256.sum)" | sha256sum --check
This Must output:Check the signature:
This must output something like:
How to verify 3YOURMIND aggregator package
The EMail from 3YOURMIND containing the artifact(archive) will have 4 files:
The aggregator archive
aggregator-v1.5.2.zip
The GPG public key (always the same)
release-key.asc
The checksum of the archive
sha256.sum
The signature of the checksum
sha256.sum.sig
Import the Release Key
In order to validate the signature, import the release-key as follows:
Then set the owner trust to something to ultimate:
This should only be done one time. The release key does not change.
Check validity:
To check the integrity of the code package follow the following steps:
Download all 4 files into one folder
Check the Checksum
This Must output:Check the signature:
This must output something like: