The MongoDB release team digitally signs all software packages to certify that a particular MongoDB package is a valid and unaltered MongoDB release. Before installing MongoDB, you should validate the package using either the provided PGP signature or SHA-256 checksum.
PGP signatures provide the strongest guarantees by checking both the authenticity and integrity of a file to prevent tampering.
Cryptographic checksums only validate file integrity to prevent network transmission errors.
MongoDB signs each release branch with a different PGP key. The public key files for each release branch are available for download from the key server in both textual .asc and binary .pub formats.
Download the binaries from MongoDB Download Center based on your environment. You can select different platforms and versions on that page. Click Copy link and use the URL in the following instructions.
For example, to download the 8.0.12 release for macOS through the shell, run this command:
curl -LO https://fastdl.mongodb.org/osx/mongodb-macos-x86_64-8.0.12.tgz
To download the 8.0.12 release for Linux through the shell, run this command:
curl -LO https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu2204-8.0.12.tgz
To download the signature file for macOS, run this command:
curl -LO https://fastdl.mongodb.org/osx/mongodb-macos-x86_64-8.0.12.tgz.sig
For Linux, run this command:
curl -LO https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu2204-8.0.12.tgz.sig
If you have not downloaded and imported the MongoDB 8.0 public key, run these commands:
curl -LO https://pgp.mongodb.com/server-8.0.asc
gpg --import server-8.0.asc
GPG should return this response:
gpg: key 4B7C549A058F8B6B: "MongoDB 8.0 Release Signing Key <packaging@mongodb.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
To verify the package on macOS, run this command:
gpg --verify mongodb-macos-x86_64-8.0.12.tgz.sig mongodb-macos-x86_64-8.0.12.tgz
For Linux, run this command, using the correct filename for your platform:
gpg --verify mongodb-linux-x86_64-ubuntu2204-8.0.12.tgz.sig mongodb-linux-x86_64-ubuntu2204-8.0.12.tgz
GPG should return this response:
gpg: Signature made Wed Jun 5 03:17:20 2019 EDT
gpg: using RSA key 4B7C549A058F8B6B
gpg: Good signature from "MongoDB 8.0 Release Signing Key <packaging@mongodb.com>" [unknown]
If the package is properly signed, but you do not currently trust the signing key in your local trustdb, gpg will also return the following message:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: E162 F504 A20C DF15 827F 718D 4B7C 549A 058F 8B6B
If you receive the following error message, confirm that you imported the correct public key:
gpg: Can't check signature: public key not found
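A "Good signature" result only says that some key in the local keyring signed the file, so an unattended install script should also compare the signer with the expected fingerprint. The following is an added example, not part of MongoDB's documentation: it parses gpg's machine-readable --status-fd output and accepts only the fingerprint printed above. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not MongoDB tooling: accept a release only when gpg reports a
# valid signature made by the pinned key, not just by any key in the keyring.

# Primary key fingerprint as printed on this page, with the spaces removed.
EXPECTED_FPR="E162F504A20CDF15827F718D4B7C549A058F8B6B"

# signed_by_pinned_key FPR  (hypothetical helper name)
# Reads `gpg --status-fd 1 --verify` output on stdin. Succeeds only if a
# VALIDSIG line names FPR as the signing key (field 3) or as its primary key
# (field 12) and no BADSIG/ERRSIG line is present.
signed_by_pinned_key() {
    [ -n "$1" ] || return 2    # refuse to run without a pin
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($12) == want) { ok = 1 }
        END { exit !(ok && !bad) }
    '
}

# verify_release ARCHIVE  (hypothetical helper; expects ARCHIVE.sig beside it)
verify_release() {
    gpg --batch --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null |
        signed_by_pinned_key "$EXPECTED_FPR"
}

# Constructed status streams for an offline check (not captured from a real run).
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 4B7C549A058F8B6B MongoDB 8.0 Release Signing Key <packaging@mongodb.com>
[GNUPG:] VALIDSIG E162F504A20CDF15827F718D4B7C549A058F8B6B 2019-06-05 1559719040 0 4 0 1 8 00 E162F504A20CDF15827F718D4B7C549A058F8B6B
[GNUPG:] TRUST_UNDEFINED 0 pgp'
# A good signature, but from a different (constructed) key in the keyring.
SAMPLE_OTHER_KEY='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Other Key
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2019-06-05 1559719040 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'
# The "public key not found" case: no VALIDSIG line at all.
SAMPLE_NO_KEY='[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 4B7C549A058F8B6B 1 8 00 1559719040 9
[GNUPG:] NO_PUBKEY 4B7C549A058F8B6B'

# sample_verdict TEXT: prints accept/reject for one constructed stream.
sample_verdict() {
    if printf '%s\n' "$1" | signed_by_pinned_key "$EXPECTED_FPR"
    then echo accept; else echo reject; fi
}
echo "pinned key: $(sample_verdict "$SAMPLE_GOOD")"
echo "other key:  $(sample_verdict "$SAMPLE_OTHER_KEY")"
echo "no key:     $(sample_verdict "$SAMPLE_NO_KEY")"
```

After importing the key, call verify_release with the archive name and install only when it exits with status 0.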
Download the binaries from MongoDB Download Center based on your environment. You can select different platforms and versions on that page. Click Copy link and use the URL in the following instructions.
For example, to download the 8.0.12 release for macOS through the shell, type this command:
curl -LO https://fastdl.mongodb.org/osx/mongodb-macos-x86_64-8.0.12.tgz
To download the 8.0.12 release for Linux through the shell, run this command:
curl -LO https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu2204-8.0.12.tgz
To download the SHA256 file for macOS through the shell, run this command with the desired URL, plus .sha256:
curl -LO https://fastdl.mongodb.org/osx/mongodb-macos-x86_64-8.0.12.tgz.sha256
To download the SHA256 file for Linux through the shell, run this command with the desired URL, plus .sha256:
curl -LO https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu2204-8.0.12.tgz.sha256
Compute the checksum of the package file you downloaded:
shasum -c mongodb-macos-x86_64-8.0.12.tgz.sha256
This should return the following if the checksum matches the downloaded package:
mongodb-macos-x86_64-8.0.12.tgz: OK
The following procedure verifies the MongoDB binary against its SHA256 key.
Download the MongoDB .msi installer. For example, to download the latest version of MongoDB Community Edition, see MongoDB Community Download Center.
In the Version dropdown, select 8.0.12 (current release).
In the Platform dropdown, select Windows.
In the Package dropdown, select msi.
Click Download and save the file to your Downloads folder.
To compare the signature file to the hash of the MongoDB binary, invoke this PowerShell script:
$sigHash = (Get-Content $Env:HomePath\Downloads\mongodb-windows-x86_64-8.0.12-signed.msi.sha256 | Out-String).SubString(0,64).ToUpper(); `
$fileHash = (Get-FileHash $Env:HomePath\Downloads\mongodb-windows-x86_64-8.0.12-signed.msi).Hash.Trim(); `
echo $sigHash; echo $fileHash; `
$sigHash -eq $fileHash
C777DF7816BB8C9A760FDEA782113949408B6F39D72BE29A2551FA51E2FE0473
C777DF7816BB8C9A760FDEA782113949408B6F39D72BE29A2551FA51E2FE0473
True
The command outputs three lines:
A SHA256 hash that you downloaded directly from MongoDB.
A SHA256 hash computed from the MongoDB binary you downloaded from MongoDB.
A True or False result depending on whether the hashes match.
If the hashes match, the MongoDB binary is verified.