Signatures and Checksums
autocert uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
COSIGN_EXPERIMENTAL=1 cosign verify-blob \
  --certificate ~/Downloads/autocert_linux_0.20.0_amd64.tar.gz.pem \
  --signature ~/Downloads/autocert_linux_0.20.0_amd64.tar.gz.sig \
  ~/Downloads/autocert_linux_0.20.0_amd64.tar.gz
The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.
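One way to check a download against checksums.txt, as an added example that is not part of the release notes or the autocert project. It matches the filename exactly, so an entry for a longer name such as the .pem or .sig file cannot satisfy the lookup, and it fails closed when no entry is found. Assumptions: the file uses SHA-256 in `sha256sum` format (the page does not name the algorithm), and `sha256_of` and `verify_checksum` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: check one downloaded artifact against checksums.txt.
# Assumption: each line is "<sha256-hex>  <filename>" (sha256sum format)
# and filenames contain no spaces.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_checksum CHECKSUMS ARTIFACT
# Returns 0 on match, 1 on mismatch, 2 when there is no unique entry.
verify_checksum() {
    sums=$1
    artifact=$2
    name=$(basename "$artifact")

    # Exact match on the filename field; a leading "*" (binary mode) is dropped.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1) }
    ' "$sums")

    # Fail closed: zero entries or several entries is not a pass.
    count=$(printf '%s\n' "$expected" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "no unique entry for $name in $sums" >&2
        return 2
    fi

    actual=$(sha256_of "$artifact")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name" >&2
    return 1
}
```

After sourcing the file, call it as `verify_checksum ~/Downloads/checksums.txt ~/Downloads/autocert_linux_0.20.0_amd64.tar.gz`.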
Changelog
- 656f7b9 Merge pull request #309 from smallstep/max/bump-dependencies
- f0d065c cr.step.sm -> cr.smallstep.com
- 535f544 Bump dependencies with 'go mod tidy'
- 41efa1a Merge pull request #308 from smallstep/dependabot/github_actions/softprops/action-gh-release-2.1.0
- 24dd847 Merge pull request #307 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.54.2
- 250c808 build(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0
- 1681ede build(deps): bump go.step.sm/crypto from 0.54.0 to 0.54.2
- 65da231 Merge pull request #304 from smallstep/dependabot/go_modules/golang.org/x/net-0.31.0
- 7ad9350 build(deps): bump golang.org/x/net from 0.30.0 to 0.31.0
- 90ae3c2 Merge pull request #300 from smallstep/dependabot/go_modules/github.com/smallstep/certificates-0.28.0
- 2674c1a Merge pull request #302 from smallstep/dependabot/github_actions/softprops/action-gh-release-2.0.9
- 0e18507 build(deps): bump softprops/action-gh-release from 2.0.8 to 2.0.9
- e053b69 build(deps): bump github.com/smallstep/certificates
- a764210 Merge pull request #296 from smallstep/max/bump-deps
- 2663ee3 Bump certificates and cli-utils | go mod tidy
- 3c4e957 Merge pull request #295 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.54.0
- eeeb537 build(deps): bump go.step.sm/crypto from 0.53.0 to 0.54.0
Thanks!
Those were the changes on v0.20.0!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.