
Verify Downloads

To verify that a CodeLogic file you downloaded is not corrupted and has not been altered, compare its SHA-256 hash to the value listed for your release in SHA256SUMS.txt.

CodeLogic publishes that file to the public repository when a release is promoted to repo.codelogic.com:

http://repo.codelogic.com/checksums/<version>/SHA256SUMS.txt

For example, for version 25.9.3:

wget http://repo.codelogic.com/checksums/25.9.3/SHA256SUMS.txt

Important

Internet access is required to download SHA256SUMS.txt.

The checksum file is specific to a CodeLogic release version. Use the version that matches your installation.

Determine your CodeLogic version

The version is in the lower left corner of the CodeLogic Server GUI.

CodeLogic Server Version

What the checksum file covers

SHA256SUMS.txt lists SHA-256 hashes for release artifacts, including agent packages, Docker images, plugins, installers, and server packages built for that version.

Verification is a manual comparison: compute the hash of the file you downloaded and match it to the corresponding line in SHA256SUMS.txt. This file is not GPG-signed; Debian package installation from repo.codelogic.com uses separate apt repository signing (Release.gpg / InRelease).

Verify a download

For example, to verify the plugin for the IntelliJ IDE:

  1. Download the Plugin for IntelliJ IDEA from CodeLogic Server > Store > Plugins | Extensions.
  2. Download SHA256SUMS.txt for your CodeLogic version (see above).
  3. Generate a SHA-256 checksum for the downloaded file.

     $ sha256sum ./codelogic-intellij-plugin.zip
     bba19b8b532318bad0d21b40f19f97f881577abd155fc832b70ed52fc2004303  ./codelogic-intellij-plugin.zip

  4. Compare the generated checksum to the entry in SHA256SUMS.txt.

     $ grep codelogic-intellij-plugin.zip SHA256SUMS.txt
     bba19b8b532318bad0d21b40f19f97f881577abd155fc832b70ed52fc2004303  codelogic-intellij-plugin.zip

If the hashes match, the file matches the release manifest for that version.
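Steps 3 and 4 can be scripted so that the comparison is exact rather than visual. The following is an added example, not CodeLogic tooling: the function name verify_download and its return codes are assumptions of this example. It looks up the manifest entry by literal filename and fails closed when the entry is missing, duplicated or malformed.

```shell
#!/bin/sh
# Added example (not CodeLogic tooling): check one download against SHA256SUMS.txt.
# verify_download <file> <manifest>   (function name and return codes are this example's own)
#   0 = hash matches   1 = hash mismatch
#   2 = no single valid manifest entry for that filename   3 = unreadable input
verify_download() {
    file=$1
    manifest=$2
    if [ ! -r "$file" ] || [ ! -r "$manifest" ]; then
        echo "cannot read '$file' or '$manifest'" >&2
        return 3
    fi
    name=$(basename -- "$file")

    # Manifest lines are "<hash>  <name>" (or "<hash> *<name>" in binary mode).
    # Compare the name field as a literal string; grep would treat "." as a
    # wildcard and also match longer names that merely contain this one.
    expected=$(awk -v n="$name" '
        { f = $0
          sub(/\r$/, "", f)                  # tolerate CRLF line endings
          sub(/^[0-9A-Fa-f]+ [ *]/, "", f)   # drop hash and separator
          sub(/^\.\//, "", f) }              # drop a leading "./"
        f == n { hash = tolower($1); hits++ }
        END { if (hits == 1) print hash }' "$manifest")

    # Fail closed on a missing, duplicated or malformed entry.
    case $expected in
        ''|*[!0-9a-f]*) echo "no usable entry for $name" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "no usable entry for $name" >&2; return 2; }

    actual=$(sha256sum -- "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name (expected $expected, got $actual)" >&2
    return 1
}

# Run directly as: sh verify.sh ./codelogic-intellij-plugin.zip SHA256SUMS.txt
if [ "$#" -eq 2 ]; then
    verify_download "$1" "$2"
fi
```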