Skip to content

Commit

Permalink
[Improve] Added the verify releases doc (#418)
Browse files Browse the repository at this point in the history
* [Improve] update community/security.md

* [Improve] download page added verify releases doc

* Update security.md

* [Improve] i18n improvement
  • Loading branch information
wolfboys authored Dec 5, 2024
1 parent f4ddaca commit 271e2ab
Show file tree
Hide file tree
Showing 2 changed files with 51 additions and 11 deletions.
44 changes: 35 additions & 9 deletions src/pages/download/index.jsx
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,14 @@ export default function () {
const archived = downloadDataSource.slice(1, downloadDataSource.length)
return (
<Layout>
<div className="block download_page container" style={{ padding: "10px 0 30px" }}>
<div className="block download_page container" style={{padding: "10px 0 30px"}}>
<h2 className="fs-4 mb-4 fw-bold">{dataSource.download}</h2>
<div>
<span> {dataSource.downloadDesc1}</span>
<li>apache-streampark_<span style={{ color: 'red' }}>2.11</span>-<span style={{ color: 'blue' }}>2.1.5</span>-incubating-bin.tar.gz</li>
<li>apache-streampark_<span style={{ color: 'red' }}>2.12</span>-<span style={{ color: 'blue' }}>2.1.5</span>-incubating-bin.tar.gz</li>
<li>apache-streampark_<span style={{color: 'red'}}>2.11</span>-<span style={{color: 'blue'}}>2.1.5</span>-incubating-bin.tar.gz
</li>
<li>apache-streampark_<span style={{color: 'red'}}>2.12</span>-<span style={{color: 'blue'}}>2.1.5</span>-incubating-bin.tar.gz
</li>
<span>{dataSource.downloadDesc2}</span>
</div>
<h3 className="fs-4 mb-4 mt-4 fw-bold">{dataSource.latestVersion}</h3>
Expand All @@ -29,25 +31,49 @@ export default function () {
<h3 className="fs-4 mb-4 fw-bold">{dataSource.archived}</h3>
<div className="custom-info-block">
<div className='d-flex align-items-center'>
<InfoSvg className='info-icon' />
<p className="custom-block-title">Note</p >
<InfoSvg className='info-icon'/>
<p className="custom-block-title">Note</p>
</div>
<ul>
<li>{dataSource.note}</li>
</ul>
</div>
<ReleaseTable dataSource={archived} latest={false}>
</ReleaseTable>
<h3>{dataSource.verifyReleases}</h3>
<p>
<span>{dataSource.verifyDesc}</span>
</p>
<p>
<span>
{dataSource.downloadText} <a
href="https://dist.apache.org/repos/dist/dev/incubator/streampark/KEYS">PGP KEYS </a> {dataSource.verifyDesc1} :
</span>

<li> {dataSource.verifyStep1} </li>
<pre> gpg --import KEYS </pre>

<li> {dataSource.verifyStep2} </li>
<pre>
gpg --verify apache-streampark-***.asc apache-streampark-***.tar.gz
</pre>

<li> {dataSource.verifyStep2} </li>
<pre>
sha512sum --check apache-streampark-***.sha512
</pre>
</p>

<h4>License</h4>
<p>
<em>
<span>The software is licensed under the </span>
<a href="http://www.apache.org/licenses/LICENSE-2.0" target="_blank">
Apache License 2.0
</a>.
</em>
</p>
</div>
</a>.
</em>
</p>
</div>
</Layout>

);
Expand Down
18 changes: 16 additions & 2 deletions src/pages/download/languages.json
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,14 @@
"binary": "二进制包",
"releaseNotes": "发布记录"
},
"releaseNotes": "发布记录"
"releaseNotes": "发布记录",
"verifyReleases": "验证发版",
"verifyDesc": "你需要使用 PGP 或 SHA 签名验证下载文件的完整性,请下载 KEYS 以及 .asc/.sha512 签名文件以供相关验证,下载文件后,你应该验证相关签名,并确保它与我们的签名一致。",
"downloadText": "下载",
"verifyDesc1": "以及带有 .asc 签名的文件,然后按照下面的步骤进行验证",
"verifyStep1": "将 KEYS 文件导入到你的 GPG 密钥:",
"verifyStep2": "使用以下命令验证发布文件的签名:",
"verifyStep3": "你需要下载发布文件和该文件的 .sha512 文件。然后通过以下命令进行验证:"
},
"en": {
"download": "Download Apache StreamPark (incubating)",
Expand All @@ -33,6 +40,13 @@
"binary": "Binary",
"releaseNotes": "Release notes"
},
"releaseNotes": "release notes"
"releaseNotes": "release notes",
"verifyReleases": "Verify the releases",
"verifyDesc": "It is essential that you verify the integrity of the downloaded files using the PGP or SHA signatures. Please download the KEYS as well as the .asc/.sha512 signature files for relevant distribution. After you download the file, you should calculate a checksum for your download, and make sure it is the same as ours.",
"downloadText": "Download",
"verifyDesc1": "and the release with its .asc signature file. And then",
"verifyStep1": "Import the KEYS file to your GPG keyring:",
"verifyStep2": "Verify the signature of the release artifact using the following command:",
"verifyStep3": "You will need to download both the release artifact and the .sha512 checksum file for that artifact. Then verify the checksum by:"
}
}

0 comments on commit 271e2ab

Please sign in to comment.