github-actions
released this
04 Sep 03:29
·
24 commits
to develop
since this release
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.44.1/kbld-linux-amd64
# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld
# Make the binary executable
chmod +x /usr/local/bin/kbld
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version
Verify checksums file signature
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.44.1/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.44.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.44.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Fix CVE by @rohitagg2020 in #507
Full Changelog: v0.44.0...v0.44.1
📂 Files Checksum
2dd3a23b6d37c6d40b690390d7045bc3403c5e3660b6bd0472be4da19ece7c7a ./kbld-windows-amd64.exe
a45c1fd7274722596ae89c51f9a44cb66de56a57adca2df2985c66e48322cd86 ./kbld-windows-arm64.exe
a81eced438e60a0ba3c87c3823673eb9f935a8e0e7694c0232e70674001f014e ./kbld-darwin-amd64
afcb44d37dbac1e2f23c056865798efe0f8b7ff982eee4644ceb146e30584e4a ./kbld-linux-arm64
b3ee4a28b4033a7f01bb9192571ec372f063e771f7dca7e54c9362239745177c ./kbld-darwin-arm64
ffd557f0057c22b8f49ff77ee1ea40d93f3da2b9cb18a82e9dda9399970c2282 ./kbld-linux-amd64