mongodb · i80and · May 27, 2015
diff --git a/source/includes/release-base.yaml b/source/includes/release-base.yaml
@@ -1,7 +1,7 @@
 ref: _curl-release
 language: 'sh'
 code: |
-  curl -O http://downloads.mongodb.org/{{platform}}/mongodb-{{platform}}-{{builder}}-{{version}}.tgz
+  curl -O https://fastdl.mongodb.org/{{platform}}/mongodb-{{platform}}-{{builder}}-{{version}}.tgz
 ---
 ref: _copy-release
 language: 'sh'
@@ -17,7 +17,7 @@ code: |
 ref: _curl-release-ent
 language: 'sh'
 code: |
-  curl -O http://downloads.10gen.com/{{platform}}/mongodb-{{platform}}-{{builder}}-enterprise-{{distro}}-{{version}}.tgz
+  curl -O https://downloads.mongodb.com/{{platform}}/mongodb-{{platform}}-{{builder}}-enterprise-{{distro}}-{{version}}.tgz
   tar -zxvf mongodb-{{platform}}-{{builder}}-enterprise-{{distro}}-{{version}}.tgz
   cp -R -n mongodb-{{platform}}-{{builder}}-enterprise-{{distro}}-{{version}}/ mongodb
 ...
diff --git a/source/includes/steps-install-mongodb-enterprise-on-linux.yaml b/source/includes/steps-install-mongodb-enterprise-on-linux.yaml
@@ -8,7 +8,7 @@ ref: sequence
 pre: |
   After you have installed the required prerequisite packages, download
   and install the MongoDB Enterprise packages from
-  `<http://mongodb.com/download/>`_. The MongoDB
+  `<https://mongodb.com/download/>`_. The MongoDB
   binaries are located in the ``bin/`` directory of the archive. To download
   and install, use the following sequence of commands.
 ---

diff --git a/source/includes/steps-install-mongodb-enterprise-on-suse.yaml b/source/includes/steps-install-mongodb-enterprise-on-suse.yaml
@@ -8,7 +8,7 @@ action:
       Use the following command to specify the latest stable release of MongoDB.
     language: sh
     code: |
-      sudo zypper addrepo --no-gpgcheck http://repo.mongodb.com/zypper/suse/11/mongodb-enterprise/stable/x86_64/ mongodb
+      sudo zypper addrepo --no-gpgcheck https://repo.mongodb.com/zypper/suse/11/mongodb-enterprise/stable/x86_64/ mongodb
   - pre: |
       If you'd like to install MongoDB packages from a previous :ref:`release
       series <release-version-numbers>`, such as 2.6, you can
@@ -17,7 +17,7 @@ action:
       use the following command:
     language: sh
     code: |
-      sudo zypper addrepo --no-gpgcheck http://repo.mongodb.com/zypper/suse/11/mongodb-enterprise/2.6/x86_64/ mongodb
+      sudo zypper addrepo --no-gpgcheck https://repo.mongodb.com/zypper/suse/11/mongodb-enterprise/2.6/x86_64/ mongodb
 ---
 title: Install the MongoDB packages and associated tools.
 stepnum: 2

diff --git a/source/includes/steps-install-mongodb-on-debian.yaml b/source/includes/steps-install-mongodb-on-debian.yaml
@@ -4,7 +4,7 @@ ref: import-key
 action:
   pre: |
     Issue the following command to add the `MongoDB public GPG Key
-    <http://docs.mongodb.org/10gen-gpg-key.asc>`_ to the system key ring.
+    <https://docs.mongodb.org/10gen-gpg-key.asc>`_ to the system key ring.
   language: sh
   code: |
     sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10

diff --git a/source/includes/steps-install-mongodb-on-red-hat.yaml b/source/includes/steps-install-mongodb-on-red-hat.yaml
@@ -12,7 +12,7 @@ action:
     code: |
       [mongodb-org-3.0]
       name=MongoDB Repository
-      baseurl=http://repo.mongodb.org/yum/{{distro_name}}/{{distro_release}}/mongodb-org/3.0/x86_64/
+      baseurl=https://repo.mongodb.org/yum/{{distro_name}}/{{distro_release}}/mongodb-org/3.0/x86_64/
       gpgcheck=0
       enabled=1
   - pre: |

diff --git a/source/includes/steps-install-mongodb-on-suse.yaml b/source/includes/steps-install-mongodb-on-suse.yaml
@@ -8,7 +8,7 @@ action:
       Use the following command to specify the *latest* stable release of MongoDB.
     language: sh
     code: |
-      zypper addrepo --no-gpgcheck http://repo.mongodb.org/zypper/suse/11/mongodb-org/3.0/x86_64/ mongodb
+      zypper addrepo --no-gpgcheck https://repo.mongodb.org/zypper/suse/11/mongodb-org/3.0/x86_64/ mongodb
   - pre: |
       This repository only offers the ``3.0`` MongoDB release.  If you'd like
       to install MongoDB packages from a previous :ref:`release

diff --git a/source/includes/steps-install-mongodb-on-ubuntu.yaml b/source/includes/steps-install-mongodb-on-ubuntu.yaml
@@ -6,7 +6,7 @@ action:
     The Ubuntu package management tools (i.e. ``dpkg`` and ``apt``) ensure
     package consistency and authenticity by requiring that distributors
     sign packages with GPG keys. Issue the following command to import the
-    `MongoDB public GPG Key <http://docs.mongodb.org/10gen-gpg-key.asc>`_:
+    `MongoDB public GPG Key <https://docs.mongodb.org/10gen-gpg-key.asc>`_:
   language: sh
   code: |
     sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10

diff --git a/source/includes/steps-install-verify-files-md5.yaml b/source/includes/steps-install-verify-files-md5.yaml
diff --git a/source/includes/steps-install-verify-files-pgp.yaml b/source/includes/steps-install-verify-files-pgp.yaml
@@ -6,35 +6,36 @@ action:
       Download the binaries from ``https://www.mongodb.org/downloads``
       based on your environment.
 
-      For example, to download the ``2.6.0`` release for OS X through the
+      For example, to download the ``3.0.3`` release for OS X through the
       shell, type this command:
    language: sh
    code: |
-      curl -LO http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.6.0.tgz
+      curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.3.tgz
 ---
 title: Download the public signature file.
 stepnum: 2
 ref: download-sig-file
 action:
    language: sh
    code: |
-      curl -LO http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.6.0.tgz.sig
+      curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.3.tgz.sig
 ---
 title: Download then import the key file.
 stepnum: 3
 ref: download-key-file
 action:
  - pre: |
-      If you have not downloaded and imported the key file, enter these commands:
+      If you have not downloaded and imported the MongoDB 2.8/3.0 public key,
+      enter these commands:
    language: sh
    code: |
-      curl -LO https://www.mongodb.org/static/pgp/server-2.6.asc
-      gpg --import server-2.6.asc
+      curl -LO https://www.mongodb.org/static/pgp/server-2.8.asc
+      gpg --import server-2.8.asc
  - pre: |
       You should receive this message:
    language: sh
    code: |
-      gpg: key AAB2461C: public key "MongoDB 2.6 Release Signing Key <[email protected]>" imported
+      gpg: key 857FD301: public key "MongoDB 2.8 Release Signing Key <[email protected]>" imported
       gpg: Total number processed: 1
       gpg:               imported: 1  (RSA: 1)
 ---
@@ -46,19 +47,19 @@ action:
      Type this command:
    language: sh
    code: |
-     gpg --verify mongodb-osx-x86_64-2.6.0.tgz.sig mongodb-osx-x86_64-2.6.0.tgz
+     gpg --verify mongodb-osx-x86_64-3.0.3.tgz.sig mongodb-osx-x86_64-3.0.3.tgz
  - pre: |
      You should receive this message:
    language: sh
    code: |
-     gpg: Signature made Thu Mar  6 15:11:28 2014 EST using RSA key ID AAB2461C
-     gpg: Good signature from "MongoDB 2.6 Release Signing Key <[email protected]>"
+     gpg: Signature made Tue 12 May 2015 11:29:21 AM EDT using RSA key ID 857FD301
+     gpg: Good signature from "MongoDB 2.8 Release Signing Key <[email protected]>" [unknown]
  - pre: |
-     Download and import the key file, as described above, if you receive a
-     message like this one:
+     If you receive a message such as the following, confirm that you imported
+     the correct public key:
    language: sh
    code: |
-     gpg: Signature made Thu Mar  6 15:11:28 2014 EST using RSA key ID AAB2461C
+     gpg: Signature made Tue 12 May 2015 11:29:21 AM EDT using RSA key ID 857FD301
      gpg: Can't check signature: public key not found
  - pre: |
      ``gpg`` will return the following message if the package is
@@ -68,5 +69,5 @@ action:
    code: |
      gpg: WARNING: This key is not certified with a trusted signature!
      gpg:          There is no indication that the signature belongs to the owner.
-     Primary key fingerprint: DFFA 3DCF 326E 302C 4787  673A 01C4 E7FA AAB2 461C
+     Primary key fingerprint: BDC0 DB28 022D 7DEA 1490  DC3E 7085 801C 857F D301
 ...
diff --git a/source/includes/steps-install-verify-files-sha.yaml b/source/includes/steps-install-verify-files-sha.yaml
@@ -1,16 +1,24 @@
-inherit:
-  file: steps-install-verify-files-md5.yaml
-  ref: download-install-file
+title: Download the MongoDB installation file.
 stepnum: 1
+ref: download-install-file
+pre: |
+   Download the binaries from ``https://www.mongodb.org/downloads``
+   based on your environment.
+
+   For example, to download the ``3.0.3`` release for OS X through the
+   shell, type this command:
+action:
+  language: sh
+  code: |
+    curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.3.tgz
 ---
-title: Download the SHA1 and SHA256 file.
+title: Download the SHA256 file.
 stepnum: 2
 ref: download-sha-file
 action:
   language: sh
   code: |
-    curl -LO http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.6.3.tgz.sha1
-    curl -LO http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.6.3.tgz.sha256
+    curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.3.tgz.sha256
 ---
 title: Use the SHA-256 checksum to verify the MongoDB package file.
 stepnum: 3
@@ -20,49 +28,11 @@ action:
       Compute the checksum of the package file:
     language: sh
     code: |
-      shasum mongodb-linux-x86_64-2.6.3.tgz
-  - pre: |
-      which will generate this result:
-    language: sh
-    code: |
-      fe511ee40428edda3a507f70d2b91d16b0483674 mongodb-osx-x86_64-2.6.3.tgz
-  - pre: |
-      Enter this command:
-    language: sh
-    code: |
-      cat mongodb-linux-x86_64-2.6.3.tgz.sha1
-  - pre: |
-      which will generate this result:
-    language: sh
-    code: |
-      fe511ee40428edda3a507f70d2b91d16b0483674 mongodb-osx-x86_64-2.6.3.tgz
-  - post: |
-      The output of the ``shasum`` and ``cat`` commands should be identical.
----
-title: Use the SHA-1 checksum to verify the MongoDB package file.
-stepnum: 3
-ref: verify-install-file-sha1
-action:
-  - pre: |
-      Compute the checksum of the package file:
-    language: sh
-    code: |
-      shasum -a 256 mongodb-linux-x86_64-2.6.3.tgz
-  - pre: |
-      which will generate this result:
-    language: sh
-    code: |
-      be3a5e9f4e9c8e954e9af7053776732387d2841a019185eaf2e52086d4d207a3  mongodb-osx-x86_64-2.6.3.tgz
-  - pre: |
-      Enter this command:
-    language: sh
-    code: |
-      cat mongodb-linux-x86_64-2.6.3.tgz.sha256
+      shasum -c mongodb-osx-x86_64-3.0.3.tgz.sha256
   - pre: |
-      which will generate this result:
+      which should return the following if the checksum matched the downloaded
+      package:
     language: sh
     code: |
-      be3a5e9f4e9c8e954e9af7053776732387d2841a019185eaf2e52086d4d207a3  mongodb-osx-x86_64-2.6.3.tgz
-  - post: |
-      The output of the ``shasum`` and ``cat`` commands should be identical.
-...
+      mongodb-osx-x86_64-3.0.3.tgz: OK
+...
diff --git a/source/tutorial/verify-mongodb-packages.txt b/source/tutorial/verify-mongodb-packages.txt
@@ -9,50 +9,29 @@ Overview
 
 The MongoDB release team digitally signs all software packages to
 certify that a particular MongoDB package is a valid and unaltered
-MongoDB release.
+MongoDB release. Before installing MongoDB, you should validate the package
+using either the provided PGP signature or SHA-256 checksum.
 
-Before installing MongoDB, you can validate packages using either a PGP
-signature or with MD5 and SHA checksums of the MongoDB packages. The PGP
-signatures store an encrypted hash of the software package, that you
-can validate to ensure that the package you have is consistent with
-the official package release. MongoDB also publishes MD5 and SHA hashes of
-the official packages that you can use to confirm that you have a
-valid package.
+PGP signatures provide the strongest guarantees by checking both the
+authenticity and integrity of a file to prevent tampering.
 
-Considerations
---------------
-
-MongoDB signs each release branch with a different PGP key.
-
-The public ``.asc`` and ``.pub`` key files for each branch are
-available for download. For example, the 2.2 keys are available at the
-following URLs:
-
-.. code-block:: ini
-
-   https://www.mongodb.org/static/pgp/server-2.2.asc
-   https://www.mongodb.org/static/pgp/server-2.2.pub
-
-Replace ``2.2`` with the appropriate release number to download public
-key. Keys are available for all MongoDB releases beginning with 2.2.
+Cryptographic checksums only validate file integrity to prevent network
+transmission errors.
 
 Procedures
 ----------
 
 Use PGP/GPG
 +++++++++++
 
-.. include:: /includes/steps/install-verify-files-pgp.rst
+MongoDB signs each release branch with a different PGP key. The public key files
+for each release branch since MongoDB 2.2 are available for download
+from the `key server <https://www.mongodb.org/static/pgp/>`_ in both textual
+``.asc`` and binary ``.pub`` formats.
 
-Use SHA
-+++++++
+.. include:: /includes/steps/install-verify-files-pgp.rst
 
-MongoDB provides checksums using both the SHA-1 and SHA-256
-hash functions. You can use either, as you like.
+Use SHA-256
++++++++++++
 
 .. include:: /includes/steps/install-verify-files-sha.rst
-
-Use MD5
-+++++++
-
-.. include:: /includes/steps/install-verify-files-md5.rst