Download project resources

This page proposes to download resources related to the ROHC library. Unsupported releases are also available.

Verifying the integrity of downloaded files before using them is greatly recommended.

Learn how to build the library from sources on the wiki.

Up-to-date releases

release 2.0.0 (stable)

The 2.0.0 release is a major release that introduces new features such as:

The 2.0.x releases are fully supported. They will become old stable as soon as major version N+1 will be released.


release 1.7.0 (old stable)

The 1.7.0 release is a major release that introduces new features such as:

The 1.7.x releases is the old stable release. Please prefer the 2.0.0 release.


How to verify downloaded files?

There are two ways to check the files you've downloaded:

The checksum lets you check that the file was not corrupted during the transfer from the server to your machine. The digital signature lets you check that the file was created by the project maintainer and not altered since then.

Using the checksum

The checksum is a short sequence of letters and numbers obtained by using the SHA-256 hashing algorithm on a file.

You can use that sequence, called the SHA-256 sum, to check that the file has arrived on your machine intact.

  1. Download the checksum file to the same directory where you've downloaded the project file you want to verify. The checksum file will have the same name as the project file you've downloaded but with .sha256 appended to the end.
  2. Open a terminal, change to the directory where you have saved the file and accompanying checksum, then enter the following: $ sha256sum -c checksumfilename Replace checksumfilename with the checksum filename. Obviously you need to replace filename with the name of the file you downloaded.
  3. You'll see a line saying whether file integrity is fine or not. filename: OK filename: FAILED
    sha256sum: WARNING: 1 computed checksum did NOT match
    If the checksum does not match, do not use the downloaded file. Try to download it again. If it fails again, tell so on the project mailing list.

Verifying a signature

You can tell which files have a signature by looking out for the sig link alongside the checksum link. Verifying the files signature lets you check that the file is exactly as intended by the project maintainer.

  1. Download the signature file to the same directory where you've downloaded the project file you want to verify. The signature file will have the same name as the project file you've downloaded but with .asc or .sig appended to the end.
  2. Open a terminal, change to the directory where you have saved the file and accompanying signature, then enter the following: $ gpg --verify signaturefilename Replace signaturefilename with the signature's filename. gpg will now try to check the signature against the signer's public key. If your version of gpg is configured to retrieve public keys automatically, you can skip to step 3. Otherwise, you'll need to fetch the signer's public key manually.
  3. If gpg can't find the public key on your local system, it will give you an error message similar to this: $ gpg --verify signaturefilename
    gpg: Signature made Sun May 30 19:24:46 2010 CEST using DSA key ID 008E8DAD
    gpg: Can't check signature: No public key
    That's no problem: you can easily retrieve the public key. Simply copy the key ID; it's the alphanumeric code, 008E8DAD, at the end of the first line of the error message. Next, enter: $ gpg --recv-keys 008E8DAD 1B2BB9C1
    gpg: requesting key 008E8DAD from hkp server keys.gnupg.net
    gpg: requesting key 1B2BB9C1 from hkp server keys.gnupg.net
    gpg: key 008E8DAD: public key "Didier Barvaux <didier@barvaux.org>" imported
    gpg: key 1B2BB9C1: public key "Didier Barvaux <didier@barvaux.org>" imported
    gpg: Total number processed: 2
    gpg: imported: 2
    gpg will now pull down the public key and you can re-run gpg --verify signaturefilename
  4. When asking for verifying signature, you'll see a message from gpg that is similar to this: $ gpg --verify signaturefilename
    gpg: Signature made Sun May 30 19:24:46 2010 CEST using DSA key ID 008E8DAD
    gpg: Good signature from "Didier Barvaux <didier@barvaux.org>"
    gpg: aka "Didier Barvaux <didier@barvaux.fr>"
    gpg: aka "Didier Barvaux <didier.barvaux@wanadoo.fr>"
    gpg: aka "Didier Barvaux <didier.barvaux@toulouse.viveris.com>"
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 5EAE 8FAA 34ED 2285 23A7 CC01 84AD 9033 008E 8DAD
    This message shows that the file hasn't changed since it was signed by the maintainer. The file is safe for use if the fingerprint printed by the gpg command matches one of the two hereafter: 008E8DAD: 5EAE 8FAA 34ED 2285 23A7 CC01 84AD 9033 008E 8DAD
    1B2BB9C1: 3B70 29D1 9456 ABFE 48B6 B803 D716 27AD 1B2B B9C1
    If the fingerprint does not match, do not use the downloaded file. Try to download it again. If it fails again and the checksum says the file is OK, tell so on the project mailing list.

Unsupported releases

The releases hereafter are not supported anymore. They contains known bugs and security problems. Please update to a supported releases quickly.

release 1.6.1

release 1.6.0

release 1.5.3

release 1.5.2

release 1.5.1

release 1.5.0

release 1.4.3

release 1.4.2

release 1.4.1

release 1.4.0

release 1.3.3

release 1.3.2

release 1.3.1

release 1.3.0

release 1.2.3

release 1.2.2

release 1.2.1

release 1.2.0

release 1.1.0

release 1.0.0

Releases

Next major release: 2.1.0 Git branch roadmap
Current stable release: 2.0.0 download release notes
Previous stable release: 1.7.0 download release notes

Sponsors

Viveris Technologies logo
Viveris Technologies
provides to the project the skills of its engineering teams in the telecommunications, network and Linux fields.

Viveris Technologies proposes the knowledge and expertise gained on the ROHC library to companies and people that are interested in network header compression, but do not have the skills or the time to integrate the ROHC mechanisms in their application or infrastructure.

back to top