Apache Lucy™

Apache Lucy search engine library, release 0.5.1

Apache Clownfish symbiotic object system, release 0.5.1

Verifying downloaded files

After downloading release files from a mirror, please check the MD5 and SHA checksums as well as verifying the OpenPGP compatible signature available from the main Apache download site. The KEYS file contains the public keys used for signing release. It is recommended that a web of trust is used to confirm the identity of these keys.

To verify the OpenPGP signature:

    $ gpg --import KEYS
    $ gpg --verify apache-lucy-X.Y.Z.tar.gz.asc


    $ pgpk -a KEYS
    $ pgpv apache-lucy-X.Y.Z.tar.gz.asc


    $ pgp -ka KEYS
    $ pgp apache-lucy-X.Y.Z.tar.gz.asc

To verify the MD5 checksum, compare the output of a local checksumming command against the contents of the .md5 file:

    $ gpg --print-md MD5 apache-lucy-*.tar.gz
    $ cat apache-lucy-*.tar.gz.md5

To verify the SHA512 checksum, use the same comparison technique:

    $ gpg --print-md SHA512 apache-lucy-*.tar.gz
    $ cat apache-lucy-*.tar.gz.sha