diff --git a/source/includes/release-base.yaml b/source/includes/release-base.yaml
index d15ff88ed1e..d64172af387 100644
--- a/source/includes/release-base.yaml
+++ b/source/includes/release-base.yaml
@@ -1,7 +1,7 @@
ref: _curl-release
language: 'sh'
code: |
- curl -O http://downloads.mongodb.org/{{platform}}/mongodb-{{platform}}-{{builder}}-{{version}}.tgz
+ curl -O https://fastdl.mongodb.org/{{platform}}/mongodb-{{platform}}-{{builder}}-{{version}}.tgz
---
ref: _copy-release
language: 'sh'
@@ -17,7 +17,7 @@ code: |
ref: _curl-release-ent
language: 'sh'
code: |
- curl -O http://downloads.10gen.com/{{platform}}/mongodb-{{platform}}-{{builder}}-enterprise-{{distro}}-{{version}}.tgz
+ curl -O https://downloads.mongodb.com/{{platform}}/mongodb-{{platform}}-{{builder}}-enterprise-{{distro}}-{{version}}.tgz
tar -zxvf mongodb-{{platform}}-{{builder}}-enterprise-{{distro}}-{{version}}.tgz
cp -R -n mongodb-{{platform}}-{{builder}}-enterprise-{{distro}}-{{version}}/ mongodb
...
diff --git a/source/includes/steps-install-mongodb-enterprise-on-linux.yaml b/source/includes/steps-install-mongodb-enterprise-on-linux.yaml
index a85c36afad6..1e0c4af809c 100644
--- a/source/includes/steps-install-mongodb-enterprise-on-linux.yaml
+++ b/source/includes/steps-install-mongodb-enterprise-on-linux.yaml
@@ -8,7 +8,7 @@ ref: sequence
pre: |
After you have installed the required prerequisite packages, download
and install the MongoDB Enterprise packages from
- ``_. The MongoDB
+ ``_. The MongoDB
binaries are located in the ``bin/`` directory of the archive. To download
and install, use the following sequence of commands.
---
diff --git a/source/includes/steps-install-mongodb-enterprise-on-suse.yaml b/source/includes/steps-install-mongodb-enterprise-on-suse.yaml
index 77b3c852412..83991d9eb34 100644
--- a/source/includes/steps-install-mongodb-enterprise-on-suse.yaml
+++ b/source/includes/steps-install-mongodb-enterprise-on-suse.yaml
@@ -8,7 +8,7 @@ action:
Use the following command to specify the latest stable release of MongoDB.
language: sh
code: |
- sudo zypper addrepo --no-gpgcheck http://repo.mongodb.com/zypper/suse/11/mongodb-enterprise/stable/x86_64/ mongodb
+ sudo zypper addrepo --no-gpgcheck https://repo.mongodb.com/zypper/suse/11/mongodb-enterprise/stable/x86_64/ mongodb
- pre: |
If you'd like to install MongoDB packages from a previous :ref:`release
series `, such as 2.6, you can
@@ -17,7 +17,7 @@ action:
use the following command:
language: sh
code: |
- sudo zypper addrepo --no-gpgcheck http://repo.mongodb.com/zypper/suse/11/mongodb-enterprise/2.6/x86_64/ mongodb
+ sudo zypper addrepo --no-gpgcheck https://repo.mongodb.com/zypper/suse/11/mongodb-enterprise/2.6/x86_64/ mongodb
---
title: Install the MongoDB packages and associated tools.
stepnum: 2
diff --git a/source/includes/steps-install-mongodb-on-debian.yaml b/source/includes/steps-install-mongodb-on-debian.yaml
index 0ba217acc62..a00e6138411 100644
--- a/source/includes/steps-install-mongodb-on-debian.yaml
+++ b/source/includes/steps-install-mongodb-on-debian.yaml
@@ -4,7 +4,7 @@ ref: import-key
action:
pre: |
Issue the following command to add the `MongoDB public GPG Key
- `_ to the system key ring.
+ `_ to the system key ring.
language: sh
code: |
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
diff --git a/source/includes/steps-install-mongodb-on-red-hat.yaml b/source/includes/steps-install-mongodb-on-red-hat.yaml
index 1cd89c50ffd..a1f761d4e93 100644
--- a/source/includes/steps-install-mongodb-on-red-hat.yaml
+++ b/source/includes/steps-install-mongodb-on-red-hat.yaml
@@ -12,7 +12,7 @@ action:
code: |
[mongodb-org-3.0]
name=MongoDB Repository
- baseurl=http://repo.mongodb.org/yum/{{distro_name}}/{{distro_release}}/mongodb-org/3.0/x86_64/
+ baseurl=https://repo.mongodb.org/yum/{{distro_name}}/{{distro_release}}/mongodb-org/3.0/x86_64/
gpgcheck=0
enabled=1
- pre: |
diff --git a/source/includes/steps-install-mongodb-on-suse.yaml b/source/includes/steps-install-mongodb-on-suse.yaml
index ffac1da0573..0c3a4e6e143 100644
--- a/source/includes/steps-install-mongodb-on-suse.yaml
+++ b/source/includes/steps-install-mongodb-on-suse.yaml
@@ -8,7 +8,7 @@ action:
Use the following command to specify the *latest* stable release of MongoDB.
language: sh
code: |
- zypper addrepo --no-gpgcheck http://repo.mongodb.org/zypper/suse/11/mongodb-org/3.0/x86_64/ mongodb
+ zypper addrepo --no-gpgcheck https://repo.mongodb.org/zypper/suse/11/mongodb-org/3.0/x86_64/ mongodb
- pre: |
This repository only offers the ``3.0`` MongoDB release. If you'd like
to install MongoDB packages from a previous :ref:`release
diff --git a/source/includes/steps-install-mongodb-on-ubuntu.yaml b/source/includes/steps-install-mongodb-on-ubuntu.yaml
index 34c86bdbd72..74873df29a9 100644
--- a/source/includes/steps-install-mongodb-on-ubuntu.yaml
+++ b/source/includes/steps-install-mongodb-on-ubuntu.yaml
@@ -6,7 +6,7 @@ action:
The Ubuntu package management tools (i.e. ``dpkg`` and ``apt``) ensure
package consistency and authenticity by requiring that distributors
sign packages with GPG keys. Issue the following command to import the
- `MongoDB public GPG Key `_:
+ `MongoDB public GPG Key `_:
language: sh
code: |
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
diff --git a/source/includes/steps-install-verify-files-md5.yaml b/source/includes/steps-install-verify-files-md5.yaml
deleted file mode 100644
index 8efe120a13a..00000000000
--- a/source/includes/steps-install-verify-files-md5.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
-title: Download the MongoDB installation file.
-stepnum: 1
-ref: download-install-file
-pre: |
- Download the binaries from ``https://www.mongodb.org/downloads``
- based on your environment.
-
- For example, to download the ``2.6.0`` release for OS X through the
- shell, type this command:
-action:
- language: sh
- code: |
- curl -LO http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.6.0.tgz
----
-title: Download the MD5 file.
-stepnum: 2
-ref: download-md5-file
-action:
- language: sh
- code: |
- curl -LO http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.6.0.tgz.md5
----
-title: Verify the checksum values for the MongoDB package file (Linux).
-stepnum: 3
-ref: verify-install-file-linux
-action:
- - pre: |
- Compute the checksum of the package file:
- language: sh
- code: |
- md5 mongodb-linux-x86_64-2.6.0.tgz
- - pre: |
- which will generate this result:
- language: sh
- code: |
- MD5 (mongodb-linux-x86_64-2.6.0.tgz) = a937d49881f90e1a024b58d642011dc4
- - pre: |
- Enter this command:
- language: sh
- code: |
- cat mongodb-linux-x86_64-2.6.0.tgz.md5
- - pre: |
- which will generate this result:
- language: sh
- code: |
- a937d49881f90e1a024b58d642011dc4
- - post: |
- The output of the ``md5`` and ``cat`` commands should be identical.
----
-title: Verify the MongoDB installation file (OS X).
-stepnum: 4
-ref: verify-install-file-osx
-action:
- - pre: |
- Compute the checksum of the package file:
- language: sh
- code: |
- md5sum -c mongodb-osx-x86_64-2.6.0.tgz.md5 mongodb-osx-x86_64-2.6.0.tgz
- - pre: |
- which will generate this result:
- language: sh
- code: |
- mongodb-osx-x86_64-2.6.0-rc1.tgz ok
-...
diff --git a/source/includes/steps-install-verify-files-pgp.yaml b/source/includes/steps-install-verify-files-pgp.yaml
index 7ed80b53462..41c14a17fbb 100644
--- a/source/includes/steps-install-verify-files-pgp.yaml
+++ b/source/includes/steps-install-verify-files-pgp.yaml
@@ -6,11 +6,11 @@ action:
Download the binaries from ``https://www.mongodb.org/downloads``
based on your environment.
- For example, to download the ``2.6.0`` release for OS X through the
+ For example, to download the ``3.0.3`` release for OS X through the
shell, type this command:
language: sh
code: |
- curl -LO http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.6.0.tgz
+ curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.3.tgz
---
title: Download the public signature file.
stepnum: 2
@@ -18,23 +18,24 @@ ref: download-sig-file
action:
language: sh
code: |
- curl -LO http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.6.0.tgz.sig
+ curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.3.tgz.sig
---
title: Download then import the key file.
stepnum: 3
ref: download-key-file
action:
- pre: |
- If you have not downloaded and imported the key file, enter these commands:
+ If you have not downloaded and imported the MongoDB 2.8/3.0 public key,
+ enter these commands:
language: sh
code: |
- curl -LO https://www.mongodb.org/static/pgp/server-2.6.asc
- gpg --import server-2.6.asc
+ curl -LO https://www.mongodb.org/static/pgp/server-2.8.asc
+ gpg --import server-2.8.asc
- pre: |
You should receive this message:
language: sh
code: |
- gpg: key AAB2461C: public key "MongoDB 2.6 Release Signing Key " imported
+ gpg: key 857FD301: public key "MongoDB 2.8 Release Signing Key " imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
---
@@ -46,19 +47,19 @@ action:
Type this command:
language: sh
code: |
- gpg --verify mongodb-osx-x86_64-2.6.0.tgz.sig mongodb-osx-x86_64-2.6.0.tgz
+ gpg --verify mongodb-osx-x86_64-3.0.3.tgz.sig mongodb-osx-x86_64-3.0.3.tgz
- pre: |
You should receive this message:
language: sh
code: |
- gpg: Signature made Thu Mar 6 15:11:28 2014 EST using RSA key ID AAB2461C
- gpg: Good signature from "MongoDB 2.6 Release Signing Key "
+ gpg: Signature made Tue 12 May 2015 11:29:21 AM EDT using RSA key ID 857FD301
+ gpg: Good signature from "MongoDB 2.8 Release Signing Key " [unknown]
- pre: |
- Download and import the key file, as described above, if you receive a
- message like this one:
+ If you receive a message such as the following, confirm that you imported
+ the correct public key:
language: sh
code: |
- gpg: Signature made Thu Mar 6 15:11:28 2014 EST using RSA key ID AAB2461C
+ gpg: Signature made Tue 12 May 2015 11:29:21 AM EDT using RSA key ID 857FD301
gpg: Can't check signature: public key not found
- pre: |
``gpg`` will return the following message if the package is
@@ -68,5 +69,5 @@ action:
code: |
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
- Primary key fingerprint: DFFA 3DCF 326E 302C 4787 673A 01C4 E7FA AAB2 461C
+ Primary key fingerprint: BDC0 DB28 022D 7DEA 1490 DC3E 7085 801C 857F D301
...
diff --git a/source/includes/steps-install-verify-files-sha.yaml b/source/includes/steps-install-verify-files-sha.yaml
index ea7af2ffddf..e7a0b26f410 100644
--- a/source/includes/steps-install-verify-files-sha.yaml
+++ b/source/includes/steps-install-verify-files-sha.yaml
@@ -1,16 +1,24 @@
-inherit:
- file: steps-install-verify-files-md5.yaml
- ref: download-install-file
+title: Download the MongoDB installation file.
stepnum: 1
+ref: download-install-file
+pre: |
+ Download the binaries from ``https://www.mongodb.org/downloads``
+ based on your environment.
+
+ For example, to download the ``3.0.3`` release for OS X through the
+ shell, type this command:
+action:
+ language: sh
+ code: |
+ curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.3.tgz
---
-title: Download the SHA1 and SHA256 file.
+title: Download the SHA256 file.
stepnum: 2
ref: download-sha-file
action:
language: sh
code: |
- curl -LO http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.6.3.tgz.sha1
- curl -LO http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.6.3.tgz.sha256
+ curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.3.tgz.sha256
---
title: Use the SHA-256 checksum to verify the MongoDB package file.
stepnum: 3
@@ -20,49 +28,11 @@ action:
Compute the checksum of the package file:
language: sh
code: |
- shasum mongodb-linux-x86_64-2.6.3.tgz
- - pre: |
- which will generate this result:
- language: sh
- code: |
- fe511ee40428edda3a507f70d2b91d16b0483674 mongodb-osx-x86_64-2.6.3.tgz
- - pre: |
- Enter this command:
- language: sh
- code: |
- cat mongodb-linux-x86_64-2.6.3.tgz.sha1
- - pre: |
- which will generate this result:
- language: sh
- code: |
- fe511ee40428edda3a507f70d2b91d16b0483674 mongodb-osx-x86_64-2.6.3.tgz
- - post: |
- The output of the ``shasum`` and ``cat`` commands should be identical.
----
-title: Use the SHA-1 checksum to verify the MongoDB package file.
-stepnum: 3
-ref: verify-install-file-sha1
-action:
- - pre: |
- Compute the checksum of the package file:
- language: sh
- code: |
- shasum -a 256 mongodb-linux-x86_64-2.6.3.tgz
- - pre: |
- which will generate this result:
- language: sh
- code: |
- be3a5e9f4e9c8e954e9af7053776732387d2841a019185eaf2e52086d4d207a3 mongodb-osx-x86_64-2.6.3.tgz
- - pre: |
- Enter this command:
- language: sh
- code: |
- cat mongodb-linux-x86_64-2.6.3.tgz.sha256
+ shasum -c mongodb-osx-x86_64-3.0.3.tgz.sha256
- pre: |
- which will generate this result:
+ which should return the following if the checksum matched the downloaded
+ package:
language: sh
code: |
- be3a5e9f4e9c8e954e9af7053776732387d2841a019185eaf2e52086d4d207a3 mongodb-osx-x86_64-2.6.3.tgz
- - post: |
- The output of the ``shasum`` and ``cat`` commands should be identical.
-...
\ No newline at end of file
+ mongodb-osx-x86_64-3.0.3.tgz: OK
+...
diff --git a/source/tutorial/verify-mongodb-packages.txt b/source/tutorial/verify-mongodb-packages.txt
index 749b5480031..f7b8eecffe0 100644
--- a/source/tutorial/verify-mongodb-packages.txt
+++ b/source/tutorial/verify-mongodb-packages.txt
@@ -9,32 +9,14 @@ Overview
The MongoDB release team digitally signs all software packages to
certify that a particular MongoDB package is a valid and unaltered
-MongoDB release.
+MongoDB release. Before installing MongoDB, you should validate the package
+using either the provided PGP signature or SHA-256 checksum.
-Before installing MongoDB, you can validate packages using either a PGP
-signature or with MD5 and SHA checksums of the MongoDB packages. The PGP
-signatures store an encrypted hash of the software package, that you
-can validate to ensure that the package you have is consistent with
-the official package release. MongoDB also publishes MD5 and SHA hashes of
-the official packages that you can use to confirm that you have a
-valid package.
+PGP signatures provide the strongest guarantees by checking both the
+authenticity and integrity of a file to prevent tampering.
-Considerations
---------------
-
-MongoDB signs each release branch with a different PGP key.
-
-The public ``.asc`` and ``.pub`` key files for each branch are
-available for download. For example, the 2.2 keys are available at the
-following URLs:
-
-.. code-block:: ini
-
- https://www.mongodb.org/static/pgp/server-2.2.asc
- https://www.mongodb.org/static/pgp/server-2.2.pub
-
-Replace ``2.2`` with the appropriate release number to download public
-key. Keys are available for all MongoDB releases beginning with 2.2.
+Cryptographic checksums only validate file integrity to prevent network
+transmission errors.
Procedures
----------
@@ -42,17 +24,14 @@ Procedures
Use PGP/GPG
+++++++++++
-.. include:: /includes/steps/install-verify-files-pgp.rst
+MongoDB signs each release branch with a different PGP key. The public key files
+for each release branch since MongoDB 2.2 are available for download
+from the `key server `_ in both textual
+``.asc`` and binary ``.pub`` formats.
-Use SHA
-+++++++
+.. include:: /includes/steps/install-verify-files-pgp.rst
-MongoDB provides checksums using both the SHA-1 and SHA-256
-hash functions. You can use either, as you like.
+Use SHA-256
++++++++++++
.. include:: /includes/steps/install-verify-files-sha.rst
-
-Use MD5
-+++++++
-
-.. include:: /includes/steps/install-verify-files-md5.rst