|
| 1 | +<!--- |
| 2 | + Licensed to the Apache Software Foundation (ASF) under one |
| 3 | + or more contributor license agreements. See the NOTICE file |
| 4 | + distributed with this work for additional information |
| 5 | + regarding copyright ownership. The ASF licenses this file |
| 6 | + to you under the Apache License, Version 2.0 (the |
| 7 | + "License"); you may not use this file except in compliance |
| 8 | + with the License. You may obtain a copy of the License at |
| 9 | +
|
| 10 | + http://www.apache.org/licenses/LICENSE-2.0 |
| 11 | +
|
| 12 | + Unless required by applicable law or agreed to in writing, |
| 13 | + software distributed under the License is distributed on an |
| 14 | + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| 15 | + KIND, either express or implied. See the License for the |
| 16 | + specific language governing permissions and limitations |
| 17 | + under the License. |
| 18 | +--> |
| 19 | + |
| 20 | +# Download |
| 21 | + |
| 22 | +The official Apache DataFusion releases are provided as source artifacts. |
| 23 | + |
| 24 | +## Releases |
| 25 | + |
| 26 | +The latest source release is [37.0.0][source-link] ([asc][asc-link], |
| 27 | +[sha512][sha512-link]). |
| 28 | + |
| 29 | +[source-link]: https://www.apache.org/dyn/closer.lua/arrow/arrow-datafusion-37.0.0/apache-arrow-datafusion-37.0.0.tar.gz?action=download |
| 30 | +[asc-link]: https://www.apache.org/dyn/closer.lua/arrow/arrow-datafusion-37.0.0/apache-arrow-datafusion-37.0.0.tar.gz.asc?action=download |
| 31 | +[sha512-link]: https://www.apache.org/dyn/closer.lua/arrow/arrow-datafusion-37.0.0/apache-arrow-datafusion-37.0.0.tar.gz.sha512?action=download |
| 32 | + |
| 33 | +For older releases, please check the [archive](https://archive.apache.org/dist/datafusion/). |
| 34 | + |
| 35 | +For even older releases when DataFusion is a subject of Apache Arrow, please check [Arrow's archive](https://archive.apache.org/dist/arrow/). |
| 36 | + |
| 37 | +## Notes |
| 38 | + |
| 39 | +- When downloading a release, please verify the OpenPGP compatible signature (or failing that, check the SHA-512); these should be fetched from the main Apache site. |
| 40 | +- The KEYS file contains the public keys used for signing release. It is recommended that (when possible) a web of trust is used to confirm the identity of these keys. |
| 41 | +- Please download the [KEYS](https://downloads.apache.org/datafusion/KEYS) as well as the .asc signature files. |
| 42 | + |
| 43 | +### To verify the signature of the release artifact |
| 44 | + |
| 45 | +You will need to download both the release artifact and the .asc signature file for that artifact. Then verify the signature by: |
| 46 | + |
| 47 | +- Download the KEYS file and the .asc signature files for the relevant release artifacts. |
| 48 | +- Import the KEYS file to your GPG keyring: |
| 49 | + |
| 50 | + ```shell |
| 51 | + gpg --import KEYS |
| 52 | + ``` |
| 53 | + |
| 54 | +- Verify the signature of the release artifact using the following command: |
| 55 | + |
| 56 | + ```shell |
| 57 | + gpg --verify <artifact>.asc <artifact> |
| 58 | + ``` |
| 59 | + |
| 60 | +### To verify the checksum of the release artifact |
| 61 | + |
| 62 | +You will need to download both the release artifact and the .sha512 checksum file for that artifact. Then verify the checksum by: |
| 63 | + |
| 64 | +```shell |
| 65 | +shasum -a 512 -c <artifact>.sha512 |
| 66 | +``` |
0 commit comments