Skip to content

DOCS-5581: Update PGP verification instructions #2371

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

DOCS-5581: Update PGP verification instructions #2371

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 16 additions & 15 deletions source/includes/steps-install-verify-files-pgp.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,37 +6,38 @@ action:
Download the binaries from ``https://www.mongodb.org/downloads``
based on your environment.

For example, to download the ``2.6.0`` release for OS X through the
For example, to download the ``3.0.5`` release for OS X through the
shell, type this command:
language: sh
code: |
curl -LO http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.6.0.tgz
curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.5.tgz
---
title: Download the public signature file.
stepnum: 2
ref: download-sig-file
action:
language: sh
code: |
curl -LO http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.6.0.tgz.sig
curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.5.tgz.sig
---
title: Download then import the key file.
stepnum: 3
ref: download-key-file
action:
- pre: |
If you have not downloaded and imported the key file, enter these commands:
If you have not downloaded and imported the MongoDB 3.0 public key,
enter these commands:
language: sh
code: |
curl -LO https://www.mongodb.org/static/pgp/server-2.6.asc
gpg --import server-2.6.asc
curl -LO https://www.mongodb.org/static/pgp/server-3.0.asc
gpg --import server-3.0.asc
- pre: |
You should receive this message:
language: sh
code: |
gpg: key AAB2461C: public key "MongoDB 2.6 Release Signing Key <[email protected]>" imported
gpg: key 24F3C978: public key "MongoDB 3.0 Release Signing Key <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: imported: 1
---
title: Verify the MongoDB installation file.
stepnum: 4
Expand All @@ -46,19 +47,19 @@ action:
Type this command:
language: sh
code: |
gpg --verify mongodb-osx-x86_64-2.6.0.tgz.sig mongodb-osx-x86_64-2.6.0.tgz
gpg --verify mongodb-osx-x86_64-3.0.5.tgz.sig mongodb-osx-x86_64-3.0.5.tgz
- pre: |
You should receive this message:
language: sh
code: |
gpg: Signature made Thu Mar 6 15:11:28 2014 EST using RSA key ID AAB2461C
gpg: Good signature from "MongoDB 2.6 Release Signing Key <[email protected]>"
gpg: Signature made Mon 27 Jul 2015 07:51:53 PM EDT using RSA key ID 24F3C978
gpg: Good signature from "MongoDB 3.0 Release Signing Key <[email protected]>" [unknown]
- pre: |
Download and import the key file, as described above, if you receive a
message like this one:
If you receive a message such as the following, confirm that you imported
the correct public key:
language: sh
code: |
gpg: Signature made Thu Mar 6 15:11:28 2014 EST using RSA key ID AAB2461C
gpg: Signature made Mon 27 Jul 2015 07:51:53 PM EDT using RSA key ID 24F3C978
gpg: Can't check signature: public key not found
- pre: |
``gpg`` will return the following message if the package is
Expand All @@ -68,5 +69,5 @@ action:
code: |
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: DFFA 3DCF 326E 302C 4787 673A 01C4 E7FA AAB2 461C
Primary key fingerprint: 89AE C6ED 5423 0831 793F 1384 BE0E B6AA 24F3 C978
...
10 changes: 5 additions & 5 deletions source/includes/steps-install-verify-files-sha.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,20 +5,20 @@ pre: |
Download the binaries from ``https://www.mongodb.org/downloads``
based on your environment.

For example, to download the ``3.0.4`` release for OS X through the
For example, to download the ``3.0.5`` release for OS X through the
shell, type this command:
action:
language: sh
code: |
curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.4.tgz
curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.5.tgz
---
title: Download the SHA256 file.
stepnum: 2
ref: download-sha-file
action:
language: sh
code: |
curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.4.tgz.sha256
curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.5.tgz.sha256
---
title: Use the SHA-256 checksum to verify the MongoDB package file.
stepnum: 3
Expand All @@ -28,11 +28,11 @@ action:
Compute the checksum of the package file:
language: sh
code: |
shasum -c mongodb-osx-x86_64-3.0.4.tgz.sha256
shasum -c mongodb-osx-x86_64-3.0.5.tgz.sha256
- pre: |
which should return the following if the checksum matched the downloaded
package:
language: sh
code: |
mongodb-osx-x86_64-3.0.4.tgz: OK
mongodb-osx-x86_64-3.0.5.tgz: OK
...