Skip to content

3.1.2
Compare
Choose a tag to compare
@sans-sroc sans-sroc released this 21 Oct 20:39
· 16 commits to main since this release
3.1.2
647ae0f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Note

Starting with 3.1.1 Integrity has moved to a new build system. It leverages goreleaser to build the binaries for multiple architectures and operating systems. All binaries are now uploaded in archive format. The checksums.txt is the only file signed beside the software bill of material (SBOM) files.

3.1.2 (2024-10-21)

Bug Fixes

  • deps: update module github.com/urfave/cli/v2 to v2.27.5 (53a8e53)

Verification

Requires cosign. You can validate the checksum.txt with the following command. You can verify the hash of the archive file against the checksums.txt independently.

cosign verify-blob \
  --signature https://github.com/sans-sroc/integrity/releases/download/3.1.2/checksums.txt.sig \
  --certificate https://github.com/sans-sroc/integrity/releases/download/3.1.2/checksums.txt.pem \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  --certificate-identity "https://github.com/sans-sroc/integrity/.github/workflows/goreleaser.yml@refs/tags/3.1.2" \
  https://github.com/sans-sroc/integrity/releases/download/3.1.2/checksums.txt
Assets 29
Loading