Releases: carvel-dev/imgpkg
v0.43.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.1/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkg
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.1/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
What's Changed
- Fixing CVE by @rohitagg2020 in #691
Full Changelog: v0.43.0...v0.43.1
📂 Files Checksum
578b81cedbba68057fbd5b917a337fb34c8ed7406931839efc01608668aa9bd0 ./imgpkg-darwin-amd64
649eda706a172b520307c2189ee04bdc0d2b255b9b076482873ddaa2120afc18 ./imgpkg-windows-amd64.exe
7cd1ecf4b394770ccfedc38f3b4f97a1a3d49447fa0bfe1e28a4f99751597ddf ./imgpkg-linux-arm64
9cfd34a67048dd71498d2075969592f7db181e639848239c47a47426ebbb03be ./imgpkg-darwin-arm64
d36ccfcc54143d2475cf09b0247c88bccf24a7aeb062bd9bb8cab7cb58135fcf ./imgpkg-linux-amd64
v0.43.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.0/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkg
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
What's Changed
- Get image layer from Primary Location in #660 by @rcmadhankumar
- Limit session IDs to a non-negative, pseudo-random int32 in #664 by @mamachanko
- Introduction of the copy API in #668 by @joaopapereira
Full Changelog: v0.42.0...v0.43.0
📂 Files Checksum
02a7e3fd0142c1053c14a87084820c1940f34c7372c16d883ef54091a37ac30d ./imgpkg-darwin-amd64
099627a79b7edf9ba99321f4dc4e43404bc83c42930864c9db650070e65cfb5a ./imgpkg-linux-arm64
2a0c2adb6edf0d67a0677c6dcf036c34d1f26af2858cacd9d114669829cc4848 ./imgpkg-darwin-arm64
4f87f219012e48b917d7aaf8b0ee71729f2572fc1a3deb7483bd8744fe2e1a06 ./imgpkg-linux-amd64
c07608dd4c1b534aaebe5aaf3993ae1a6e0af44691f06d4cd035836c868084c6 ./imgpkg-windows-amd64.exe
v0.42.2
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.2/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkg
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.2/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.2/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.2/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
What's Changed
- Bump golang to 1.22.4 #672 by @rohitagg2020
Full Changelog: v0.42.1...v0.42.2
📂 Files Checksum
493f0931964e800aab255fe32256d044369c997537e7fdc8fcc93ac978c5462e ./imgpkg-linux-arm64
59f0af401217f3dc36163c31e093b5bdceeaf9397576e894b591a014480b9c1b ./imgpkg-darwin-amd64
bea6e08f5f6bf8b2a7f31486c41b34715e5dd6e4319e15968e25cd570daf5446 ./imgpkg-linux-amd64
cae062487d5c16d52f6ec70b455b6e53202e021928c061568d4e976ff7ad1a19 ./imgpkg-windows-amd64.exe
cf10c7cb2ef202e1f4fb1f334e350c760690c21883c79f8485c488ff9007aca2 ./imgpkg-darwin-arm64
v0.42.3
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.3/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkg
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.3/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.3/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.3/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
What's Changed
- Bump go version to 1.22.5 #695 by @devanshuVmware
Full Changelog: v0.42.2...v0.42.3
📂 Files Checksum
0cb732863d7e9fa263a232f89ff162886d0c88d585ea27f2f51526f531b4707d ./imgpkg-linux-arm64
9429779c0ffdbf295e4aa10591184bab1ab3f2145153205532ad080ea3135566 ./imgpkg-linux-amd64
b0382798d3045f3641f3f5c0f28ba57fb378fed8a6a1fc2d8991883ce8384a3a ./imgpkg-windows-amd64.exe
b96ad7f72a2b6cdc59f508cf606bb280f70b81f1a5024840d4cc8fcd9f63fdca ./imgpkg-darwin-arm64
ce21316a0345219b19186b9bf40947f4c19aaa50b18ed775717b80512b0b4476 ./imgpkg-darwin-amd64
v0.42.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkg
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
What's Changed
- Describe reaches out to original registry to get information on layer incorrectly #659
Full Changelog: v0.42.0...v0.42.1
📂 Files Checksum
6a437f95f8cf0d1295c4165ce60ecf3f4dfe722a497bce8f1b8005a671551df8 ./imgpkg-darwin-arm64
76a2d5a1cc6b5917fea35c9cf7383fc742ade39f2d51f1485a25bd4a8aa58970 ./imgpkg-darwin-amd64
78ed95d612a927abc344df8cadd052610637566b98594252db3bc03ff2713d83 ./imgpkg-linux-arm64
de1816b01fcc1d602013b4b851975a46b6544ae45c001f0c2d15e1c2d4ebc420 ./imgpkg-windows-amd64.exe
fc4e0bc2e238b2ffaff8f04fba0844de0d1e5ef7dd870a4d01896361b5b5510b ./imgpkg-linux-amd64
v0.42.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkg
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
What's Changed
- When 2 images with same SHA are reference by 2 nested bundles by @joaopapereira in #638
- Added flag --layers to enable/disable functionality of showing each layers of image by @kumaritanushree in #639
- Collect description information for images from correct registry by @joaopapereira in #637
- Update Copyright Headers by @prashantrewar in #647
- [chore] bump docker deps to v25.0.5 by @grokspawn in #648
- Bump go version to 1.22.2 by @sethiyash in #651
🔈 Callouts
- @prashantrewar made their first contribution in #647
- @grokspawn made their first contribution in #648
Full Changelog: v0.41.0...v0.42.0
📂 Files Checksum
0bb6235af28abafc3458e30fbbd49e040aaa2189c4c39212a3c7a5a57ea83754 ./imgpkg-linux-amd64
3efc3081538273e924152c978911b0331b9b397cc72e587803c51b5f06f6636a ./imgpkg-darwin-arm64
89272b9b14512787154eef4fa1ba2132afd4cac1840af757efb8ca9f09fe4711 ./imgpkg-windows-amd64.exe
bbe4c9a3eae83df55b267506a3e6b22d94a7b4ed642f94797779e2b0ba647373 ./imgpkg-darwin-amd64
fc7ad7465730297085e4c7deefc47e2e56713be957971935008460a9bc709a0a ./imgpkg-linux-arm64
v0.41.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.1/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkg
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.1/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
Changelog
✨ What's new
- When 2 images with same SHA are reference by 2 nested bundles by @joaopapereira in #638
Full Changelog: v0.41.0...v0.41.1
📂 Files Checksum
50d63ad2b4735858112a55e3a2baf9af8568e459e79537f7aa04baf60b291797 ./imgpkg-darwin-amd64
004551cec931a3633c0bb380e113f9c700796deab240a514201c2ec6f0a6fc4e ./imgpkg-darwin-arm64
e6291309be274d8137116bba06824af763e22110d48e9cc45aca0d3135420966 ./imgpkg-linux-amd64
1fc1c933cc235ef13dedf701075b36fea9c5da425783bec18452ccfb5332cac9 ./imgpkg-linux-arm64
35553c5790ae289d9c964c8954ebed47c55d189a279fc4c5baa28d58f3a24157 ./imgpkg-windows-amd64.exe
v0.41.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.0/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkg
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Some layers in some images do not have a DiffID, and imgpkg was not able to process them #464
- Images that contained OS filesystem could not be pulled due to symlinks and other file types #441
- Updated dependencies
Full Changelog: v0.40.0...v0.41.0
📂 Files Checksum
036dc61fe3fa4157aea62cf9284e3c8d7b4f878becbbac21629d043bef1e9171 ./imgpkg-windows-amd64.exe
1822aef7b14f97da0e1d12946362a773863e601c57d943a886ba86f71fcc6777 ./imgpkg-darwin-amd64
2b1bc6ecd757a099b788474a0bf81748c69b5745443a351db0558fd3fcd431df ./imgpkg-linux-arm64
50eb0ff74447c2d46ab9152794ae11076233390f9a7747a9056985a8de072be0 ./imgpkg-linux-amd64
8553577a8db76e9aee7963ba2c6bc88c5f5dab04286c51e05291ab87dc8d7290 ./imgpkg-darwin-arm64
v0.40.2
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.2/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkg
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.2/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.2/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.2/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
What's Changed
- Upgrade golang version to 1.22.5 in v0.40.x by @devanshuVmware in #696
Full Changelog: v0.40.1...v0.40.2
📂 Files Checksum
4e3022f96b557b265b056997d19c9662b7ce23315d3ffc97eec829836adb27a4 ./imgpkg-windows-amd64.exe
b8d128c3d8f588c71e2866f959bceb9761988bcb5a948d271731952fd204343d ./imgpkg-darwin-arm64
d80fd7134b8dff0afe12aef7124099e1d4dfd043aa88d4da8fa93710e255f667 ./imgpkg-linux-arm64
dd2567580256f511af2e2f272c8550c94c5b5763ac5b0e9296c26328cb2fbc1d ./imgpkg-linux-amd64
fbe3a0f4eb2dfef33eb563226016500809df02eccbb57f596ad2f30a151d6968 ./imgpkg-darwin-amd64
v0.40.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.1/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkg
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.1/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
What's Changed
- Bump go version to 1.21.9 in v0.40.x by @sethiyash in #653
Full Changelog: v0.40.0...v0.40.1
📂 Files Checksum
1eccbea8d3eaaaca681a1337ab9ce29c58e6f3cab87665684fde174bc9f49657 ./imgpkg-windows-amd64.exe
5787a7e3ebfb6d67592918c5f5ed0a6d797009d6faf3eae99528b50ba45e4eae ./imgpkg-darwin-arm64
7b4461e6a37d2f62055120e317dd30485eefebcf8c91d8abd4d0d4f55e2d9842 ./imgpkg-darwin-amd64
94f4db59db55448e6ff000426d1a6fa592f491a1fcbdfb7d71bcb4854128ab32 ./imgpkg-linux-amd64
ccc2f144c76c409f7c9470ebacb7903a5b576b9b8b561010734620d48971d897 ./imgpkg-linux-arm64