dbist/verify_signatures.sh

## verify_signatures.sh
# import relevant KEYS from project
curl https://dist.apache.org/repos/dist/release/accumulo/KEYS | gpg --import

# verify signature against downloaded file
gpg --verify hbase-thirdparty-2.1.0-src.tar.gz.asc hbase-thirdparty-2.1.0-src.tar.gz

# verify sha512 checksum on a file
gpg --print-md sha512 hbase-thirdparty-2.1.0-src.tar.gz | diff hbase-thirdparty-2.1.0-src.tar.gz.sha512 -

# verify sha512 checksum with case insensitivity but it should work either way (diff -i)
gpg --print-md sha512 hbase-thirdparty-2.1.0-src.tar.gz | diff -i hbase-thirdparty-2.1.0-src.tar.gz.sha512 -
	# import relevant KEYS from project
	curl https://dist.apache.org/repos/dist/release/accumulo/KEYS \| gpg --import

	# verify signature against downloaded file
	gpg --verify hbase-thirdparty-2.1.0-src.tar.gz.asc hbase-thirdparty-2.1.0-src.tar.gz

	# verify sha512 checksum on a file
	gpg --print-md sha512 hbase-thirdparty-2.1.0-src.tar.gz \| diff hbase-thirdparty-2.1.0-src.tar.gz.sha512 -

	# verify sha512 checksum with case insensitivity but it should work either way (diff -i)
	gpg --print-md sha512 hbase-thirdparty-2.1.0-src.tar.gz \| diff -i hbase-thirdparty-2.1.0-src.tar.gz.sha512 -