Getting Started with Apache 1.3 Page 4
The other signature type, which is replacing MD5 in the Apache distribution process, is a PGP signature. In order to check it, you will need to have loaded the PGP keys of the Apache developers (available on the Apache site at <URL:http://www.apache.org/dist/KEYS>) into your PGP tool. Verify the signature on the file using your PGP tool; for instance, like this:
% pgpv apache_1.3.12.tar.gz.asc This signature applies to another message File to check signature against [apache_1.3.12.tar.gz]: [hit Enter] Good signature made 2000-02-23 23:14 GMT by key: 768 bits, Key ID A0BB71C1, Created 1997-06-03 "Jim Jagielski
" WARNING: The signing key is not trusted to belong to: Jim Jagielski
(The last portion of the message simply means that you haven't marked Jim's key on your keyring as definitely being Jim's.)
PGP signatures provide more information about an Apache package. They identify whom of the Apache developers approved it, when, and that the package you downloaded is the same as the one the developer approved.
If either of the signatures don't match (that is, PGP reports an
error or the MD5 checksum you generated is different from the one
.md5 file), please report the problem to
Also in the main distribution directory are some files with names
starting with "
CHANGES". These describe all the
modifications and bug-fixes that have been applied to the latest
version found in the main distribution directory. If you're upgrading
from an earlier version of Apache, reading through this file
can be enlightening and informative.
If you download an Apache package, you get the source code -- even if you downloaded a binary distribution. This means that you can always rebuild the Apache binary if you need to (and have the appropriate tools installed). The exact method of rebuilding depends on your platform, but there are really only two different platforms for this process: Windows and Unix (or Unix-like).
If you want or need to build Apache from source, you can use the
following commands as a quick-start.
You should download the latest released version of the Apache
tarball and unpack it into a working directory. The top-level
directory will then be
./apache-1.3, which matches the
assumptions described earlier.