Verifying downloads
Verify archives of SlimerJS you downloaded
Verify archives of SlimerJS you downloaded
You can verify files you downloaded by checking their checksums. Checksums are stored in a file on download.slimerjs.org.
It's important to verify the checksum, to be sure that the file you have is not corrupted, and is the original one.
So, download the CHECKSUM file (see the download page).
This is a file having the same name of the target file with an additional
.asc extension. It contains a kind of big number for a specific
package. Store it in the same directory of the package you downloaded.
Even if it's better, you can skip the verification of the checksum file. Verifying the checksum file allow to be sure that the file is the original one, and has not been compromised.
Note: only checksum file for stable and official packages are signed.
The checksum file is signed with PGP. You have to install PGP program on your computer (GnuPG on linux). Following instructions are for made with GnuPG.
Then download our GPG public key: slimerjs-pubkey.gpg.
curl https://slimerjs.org/slimerjs-pubkey.gpg | gpg --import
And launch the verification:
gpg --verify-files *.asc
Checksums have been calculated with sha256sum. You should install this
software. After downloading the package and its corresponding .asc
file, launch the verification:
sha256sum -c *.asc