From ec88d226cf9b546ea3716ad6cdf3732aa97e325d Mon Sep 17 00:00:00 2001 From: tison Date: Sun, 28 Apr 2024 22:43:53 +0800 Subject: [PATCH] docs: add download page Signed-off-by: tison --- docs/source/download.md | 60 +++++++++++++++++++++++++ docs/source/index.rst | 3 +- docs/source/user-guide/example-usage.md | 2 +- 3 files changed, 63 insertions(+), 2 deletions(-) create mode 100644 docs/source/download.md diff --git a/docs/source/download.md b/docs/source/download.md new file mode 100644 index 000000000000..c0f54bdf019e --- /dev/null +++ b/docs/source/download.md @@ -0,0 +1,60 @@ + + +# Download + +The official Apache DataFusion releases are provided as source artifacts. + +## Releases + +The latest source release is [0.45.0](https://www.apache.org/dyn/closer.lua/opendal/0.45.0/apache-opendal-0.45.0-src.tar.gz?action=download) ([asc](https://downloads.apache.org/opendal/0.45.0/apache-opendal-0.45.0-src.tar.gz.asc), +[sha512](https://downloads.apache.org/opendal/0.45.0/apache-opendal-0.45.0-src.tar.gz.sha512)). + +For older releases, please check the [archive](https://archive.apache.org/dist/datafusion/). + +## Notes + +- When downloading a release, please verify the OpenPGP compatible signature (or failing that, check the SHA-512); these should be fetched from the main Apache site. +- The KEYS file contains the public keys used for signing release. It is recommended that (when possible) a web of trust is used to confirm the identity of these keys. +- Please download the [KEYS](https://downloads.apache.org/datafusion/KEYS) as well as the .asc signature files. + +### To verify the signature of the release artifact + +You will need to download both the release artifact and the .asc signature file for that artifact. Then verify the signature by: + +- Download the KEYS file and the .asc signature files for the relevant release artifacts. +- Import the KEYS file to your GPG keyring: + + ```shell + gpg --import KEYS + ``` + +- Verify the signature of the release artifact using the following command: + + ```shell + gpg --verify .asc + ``` + +### To verify the checksum of the release artifact + +You will need to download both the release artifact and the .sha512 checksum file for that artifact. Then verify the checksum by: + +```shell +shasum -a 512 -c .sha512 +``` diff --git a/docs/source/index.rst b/docs/source/index.rst index 84d920bd66c9..50c22d50587b 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -66,10 +66,11 @@ Please see the `developer’s guide`_ for contributing and `communication`_ for :maxdepth: 1 :caption: Links - Github and Issue Tracker + GitHub and Issue Tracker crates.io API Docs Code of conduct + Download .. _toc.guide: .. toctree:: diff --git a/docs/source/user-guide/example-usage.md b/docs/source/user-guide/example-usage.md index 2fb4e55d698d..ae45c98d7483 100644 --- a/docs/source/user-guide/example-usage.md +++ b/docs/source/user-guide/example-usage.md @@ -36,7 +36,7 @@ tokio = "1.0" ## Add latest non published DataFusion dependency DataFusion changes are published to `crates.io` according to [release schedule](https://github.com/apache/datafusion/blob/main/dev/release/README.md#release-process) -In case if it is required to test out DataFusion changes which are merged but yet to be published, Cargo supports adding dependency directly to Github branch +In case if it is required to test out DataFusion changes which are merged but yet to be published, Cargo supports adding dependency directly to GitHub branch ```toml datafusion = { git = "https://github.com/apache/datafusion", branch = "main"}