Influxdata
/
docs-v2
mirror of https://github.com/influxdata/docs-v2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
docs-v2/layouts/shortcodes/telegraf/verify.md

1.0 KiB
Raw Blame History

Verify the authenticity of downloaded binary (optional)

InfluxData cryptographically signs each Telegraf binary release. For added security, follow these steps to verify the signature of your download with gpg.

(Most operating systems include the gpg command by default. If gpg is not available, see the GnuPG homepage for installation instructions.)

  1. Download and import InfluxData's public key:

    curl -sL https://repos.influxdata.com/influxdb.key | gpg --import

  2. Download the signature file for the release by adding .asc to the download URL. For example:

    wget https://dl.influxdata.com/telegraf/releases/telegraf-1.14.1_linux_amd64.tar.gz.asc

  3. Verify the signature with gpg --verify:

    gpg --verify telegraf-1.14.1_linux_amd64.tar.gz.asc telegraf-1.14.1_linux_amd64.tar.gz

    The output from this command should include the following:

    gpg: Good signature from "InfluxDB Packaging Service <support@influxdb.com>" [unknown]