On Thu, Oct 24, 2013 at 6:12 PM, Darren Shepherd <darren.s.sheph...@gmail.com> wrote: > I ran into the issue while trying to write scripts to get CloudStack > in docker. Here's my hack-tastic work around > > HASH=$(echo $(wget -O - -q > http://www.apache.org/dist/cloudstack/releases/4.2.0/apache-cloudstack-4.2.0-src.tar.bz2.sha > |\ > cut -f2 -d: ) | sed 's/ //g' | tr '[:upper:]' '[:lower:]') > > Darren >
Is there a reason not to verify authenticity and validity of the tarball with the gpg sig? gpg --import KEYS gpg --verify acs.tar.bz2.asc I think that's what I am currently defaulting to.
