How to verify ProcessOne downloads integrity

Mickaël Rémond
· 1 min read
Send by email

Integrity of files downloaded from ProcessOne website can be verified with checksum information.
To validate your download:

  1. Download both the file.ext and the file.ext.sum.

On Linux, type the following command:

sha256sum -c file.ext.sum

On macOS, type the following command:

openssl sha256 file.ext
tail -f file.ext.sum

Compare the first hash with the contents of the file.ext.sum file.

Note: Replace file.ext by the actual name of the downloaded file.

Verifying signature

The code distributed by ProcessOne is signed. To check the signature, you first need to have GNUPG installed and configured on your system. Then, you can go through the following steps:

  1. Download the file.ext.asc along with your file.ext.

Check the ProcessOne signature with the following command:

gpg --verify file.tar.gz.asc`

Successful verification contains the text Good signature from Process-one.

Import ProcessOne public keys into your keyring with the following command. This has to be done only once:

wget -qO - https://www.process-one.net/downloads/KEYS | gpg --import

Written by Mickaël Rémond

ProcessOne Founder and CEO Entrepreneur, hacker, author and podcaster