On Linux, run sha512sum --check ${IMPALA_TARBALL}.sha
On a Mac, run shasum --check ${IMPALA_TARBALL}.sha
To check a GPG signature, first download the code signing keys of the release
managers. Then import them using gpg --import KEYS. Finally,
run gpg --verify ${IMPALA_TARBALL}.asc ${IMPALA_TARBALL}