Menu Search

Download

In addition to the source artefacts below, we offer Qpid packages and Qpid via Maven.

Qpid's source artefacts are produced as part of our community release process. The downloads on this page are from our current releases, Qpid 0.26 and Qpid Proton 0.6. You can also see our past releases.

It's important to verify the integrity of the files you download.

Messaging APIs

ContentDownloadSignature
AMQP Messengerqpid-proton-0.6.tar.gzPGP
AMQP Protocol Engineqpid-proton-0.6.tar.gzPGP
Qpid JCAqpid-java-0.26.tar.gz*PGP
Qpid JMS (AMQP 0-10, 0-91, 0-9, 0-8)qpid-java-client-0.26.tar.gz*PGP
Qpid JMS (AMQP 1.0)qpid-java-amqp-1-0-client-jms-0.26.tar.gz*PGP
Qpid Messaging API (C++, bindings)qpid-cpp-0.26.tar.gzPGP
Qpid Messaging API (Python)qpid-python-0.26.tar.gzPGP
Qpid WCFqpid-wcf-0.26.zipPGP

Servers and tools

ContentDownloadSignature
C++ brokerqpid-cpp-0.26.tar.gzPGP
C++ broker (command-line tools)qpid-tools-0.26.tar.gzPGP
Java brokerqpid-java-broker-0.26.tar.gz*PGP
QMFqpid-qmf-0.26.tar.gzPGP

*These Java artefacts are released as compiled bytecode. We also offer the source as part of our full source release [PGP].

Verify what you download

It is essential that you verify the integrity of the downloaded files using the PGP signatures or SHA1 checksums.

The PGP signatures can be verified using PGP or GPG. First download the KEYS file as well as the .asc PGP signature file for the relevant artefact. Make sure you get these files from the relevant subdirectory of the main distribution directory, rather than from a mirror. Then verify the signatures using one of the following sets of commands.

% pgpk -a KEYS
% pgpv qpid-0.26.tar.gz.asc

% pgp -ka KEYS
% pgp qpid-0.26.tar.gz.asc

% gpg --import KEYS
% gpg --verify qpid-0.26.tar.gz.asc

Alternatively, you can verify the SHA1 checksum of the files. A unix program called sha1 or sha1sum is included in many unix distributions. It is also available as part of GNU Textutils. For Windows users, FSUM supports SHA1. Ensure your generated checksum string matches the string published in the SHA1SUM file included with each release. Again, make sure you get this file from the relevant subdirectory of the main distribution directory, rather than from a mirror.

More information