Skip to content

v0.40.3
Compare
Choose a tag to compare
@github-actions github-actions released this 06 Sep 14:42
· 33 commits to develop since this release
v0.40.3
05d094b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.3/vendir-linux-amd64

# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir

# Make the binary executable
chmod +x /usr/local/bin/vendir

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version

Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.3/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.3/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.3/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

✨ What's new

Full Changelog: v0.40.2...v0.40.3

📂 Files Checksum

287b5fba2bd6079e5dc52f4da29e16a851fe4ae1d625019b00f9ca8c8da776ed  ./vendir-linux-amd64
83a734a6b8989319da6f0ad2669e75fb9b313df761852693f45e90b11828c29e  ./vendir-darwin-arm64
8bce41331a903a681040b1e09993155cb902ff90e31e3c77e9dba18118ccc4b2  ./vendir-linux-arm64
b450bf1bdbb080569e00779e99cde05e8c02547cd432b84837f00f4884457850  ./vendir-darwin-amd64
dc7c64eb65b040fa2f42943ef1dade27d4909f74ae03182dc8e2f79daf4d134f  ./vendir-windows-amd64.exe

Contributors

devanshuVmware
Assets 10
Loading