JuliaPro file integrity

question
security

#1

Hi,

I have been struggling to download Julia for a few days now (Slow South African internet connections!). The link seems to expire mid download. Eventually I got a full download (potentially). I would like to verify its integrity though.

Can any of you help me? Surprised that no checksums are provided (are they provided somewhere I don’t know about?

Here is what I tried:

$ gpg --verify ~/Downloads/JuliaPro-0.6.4.1_build-415.sh.asc ~/Downloads/JuliaPro-0.6.4.1_build-415.sh
gpg: Signature made Sat 14 Jul 2018 10:17:54 AM SAST
gpg: using RSA key 32E70AF909788F1E
gpg: Can’t check signature: No public key

`md5sum ~/Downloads/JuliaPro-0.6.4.1_build-415.sh` 15ef711852aabf98702e62115296440e ~/Downloads/JuliaPro-0.6.4.1_build-415.sh sha1sum ~/Downloads/JuliaPro-0.6.4.1_build-415.sh
da1a2c8a4e71f5e5436f05230bbcff9c978f5b72 ~/Downloads/JuliaPro-0.6.4.1_build-415.sh
$ sha256sum ~/Downloads/JuliaPro-0.6.4.1_build-415.sh
a760949ea9c7fabe4c75245b49893403d1e167f3533e7406b3dfe152af0be67d ~/Downloads/JuliaPro-0.6.4.1_build-415.sh

Please could you provide me with the correct sha256sum values? Also, is the gpg command I entered above correct?

Kind regards,
Dean


#2

Ok, I found another forum post which helped me. I entered the command to fetch the public keys just before.

`gpg --keyserver hkp://pgp.mit.edu:80 --recv-key 0x09788F1E` gpg: key 32E70AF909788F1E: public key "Julia Computing, Inc. <pradeep@juliacomputing.com>" imported gpg: Total number processed: 1 gpg: imported: 1 gpg --verify ~/Downloads/JuliaPro-0.6.4.1_build-415.sh.asc ~/Downloads/JuliaPro-0.6.4.1_build-415.sh
gpg: Signature made Sat 14 Jul 2018 10:17:54 AM SAST
gpg: using RSA key 32E70AF909788F1E
gpg: Good signature from “Julia Computing, Inc. pradeep@juliacomputing.com” [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4C9 1C1D 92AF 9163 ADAA 5186 32E7 0AF9 0978 8F1E


#4

You can use gpg –verify command to verify JuliaPro Linux binaries, you have to pass .asc file and the JuliaPro Linux binary in question; as argument to gpg –verify command.

Example:-

gpg --verify JuliaPro-0.6.4.1_build-415.sh.asc JuliaPro-0.6.4.1_build-415.sh

You have to download .asc file separately, link to download the .asc file is provided along with JuliaPro download links. Make sure Julia Computing GPG public keys are pre-installed on your system before executing gpg --verify. Julia Computing GPG public keys can be found in https://juliacomputing.com/products/faqs/juliaprofaq.html (Search for the question “Where can I find Julia Computing GPG public keys?” on the FAQ page)