Skip to content

v0.7.2
Compare
Choose a tag to compare
@github-actions github-actions released this 16 Nov 16:53
· 114 commits to main since this release
v0.7.2
e0148ca
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Changelog

Bug fixes

Dependency updates

Verifying the artifacts

First, download the checksums.txt file, for example, with wget:

wget 'https://github.com/charmbracelet/soft-serve/releases/download/v0.7.2/checksums.txt'

Then, verify it using cosign:

cosign verify-blob \
  --certificate-identity 'https://github.com/charmbracelet/meta/.github/workflows/goreleaser.yml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --cert 'https://github.com/charmbracelet/soft-serve/releases/download/v0.7.2/checksums.txt.pem' \
  --signature 'https://github.com/charmbracelet/soft-serve/releases/download/v0.7.2/checksums.txt.sig' \
  ./checksums.txt

If the output is Verified OK, you can safely use it to verify the checksums of other artifacts you downloaded from the release using sha256sum:

sha256sum --ignore-missing -c checksums.txt

Done! You artifacts are now verified!

The Charm logo

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.

Contributors

aymanbagabas and dependabot
Assets 41
Loading