Skip to content

v0.9.5

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 02 Dec 08:28
· 4 commits to main since this release
v0.9.5
This tag was signed with the committer’s verified signature.
kujtimiihoxha Kujtim Hoxha
SSH Key Fingerprint: Ag+V6TR/qxx105urdHsWRZoNs/6IQ07un/FIqncZ/8I
Verified
Learn about vigilant mode.
7687186
This commit was signed with the committer’s verified signature.
kujtimiihoxha Kujtim Hoxha
SSH Key Fingerprint: Ag+V6TR/qxx105urdHsWRZoNs/6IQ07un/FIqncZ/8I
Verified
Learn about vigilant mode.

Changelog

Other stuff

Verifying the artifacts

First, download the checksums.txt file and the checksums.txt.sigstore.json file files, for example, with wget:

wget 'https://github.com/charmbracelet/catwalk/releases/download/v0.9.5/checksums.txt'
wget 'https://github.com/charmbracelet/catwalk/releases/download/v0.9.5/checksums.txt.sigstore.json'

Then, verify it using cosign:

cosign verify-blob \
  --certificate-identity 'https://github.com/charmbracelet/meta/.github/workflows/goreleaser.yml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --bundle 'checksums.txt.sigstore.json' \
  ./checksums.txt

If the output is Verified OK, you can safely use it to verify the checksums of other artifacts you downloaded from the release using sha256sum:

sha256sum --ignore-missing -c checksums.txt

Done! You artifacts are now verified!

The Charm logo

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Contributors

Amolith
Assets 5
Loading