Skip to content

Verify Downloads

To verify that a CodeLogic file you downloaded is not corrupted and has not been altered, compare its SHA-256 hash to the value listed for your release in SHA256SUMS.txt.

CodeLogic publishes that file to the public repository when a release is promoted to repo.codelogic.com:

http://repo.codelogic.com/checksums/<version>/SHA256SUMS.txt

For example, for version 25.9.3:

wget http://repo.codelogic.com/checksums/25.9.3/SHA256SUMS.txt

Important

Internet access is required to download SHA256SUMS.txt.

The checksum file is specific to a CodeLogic release version. Use the version that matches your installation.

Determine your CodeLogic version

Use the release version that matches your deployment—for example, the version tag from your server package repository, the version reported by apt list codelogic-* on agent hosts, or the version documented in your deployment manifest.

What the checksum file covers

SHA256SUMS.txt lists SHA-256 hashes for release artifacts, including agent packages, Docker images, installers, and server packages built for that version.

Verification is a manual comparison: compute the hash of the file you downloaded and match it to the corresponding line in SHA256SUMS.txt. This file is not GPG-signed; Debian package installation from repo.codelogic.com uses separate apt repository signing (Release.gpg / InRelease).

Verify a download

For example, to verify the Java agent Windows installer:

  1. Download the CodeLogic Java Agent Windows installer from your CodeLogic server package repository or repo.codelogic.com:
wget http://your_server/codelogic/server/packages/codelogic-java.msi
  1. Download SHA256SUMS.txt for your CodeLogic version (see above).
  2. Generate a SHA-256 checksum for the downloaded file.
$ sha256sum ./codelogic-java.msi
bba19b8b532318bad0d21b40f19f97f881577abd155fc832b70ed52fc2004303  ./codelogic-java.msi
  1. Compare the generated checksum to the entry in SHA256SUMS.txt.
$ grep codelogic-java.msi SHA256SUMS.txt
bba19b8b532318bad0d21b40f19f97f881577abd155fc832b70ed52fc2004303  codelogic-java.msi

If the hashes match, the file matches the release manifest for that version.