Autocert v0.19.4 (24-07-12)

Signatures and Checksums

autocert uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

COSIGN_EXPERIMENTAL=1 cosign verify-blob \
  --certificate ~/Downloads/autocert_linux_0.19.4_amd64.tar.gz.pem \
  --signature ~/Downloads/autocert_linux0.19.4_amd64.tar.gz.sig \
  ~/Downloads/autocert_linux0.19.4_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• b8a95b4 Merge pull request #266 from smallstep/max/release_ref_name
• f9e4a2c [actions] use ref_name as release name
• a1ab19d Merge pull request #262 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.48.1
• a039179 Run go mod tidy
• 5ebef0b build(deps): bump go.step.sm/crypto from 0.47.1 to 0.48.1
• 739a814 Merge pull request #263 from smallstep/dependabot/go_modules/golang.org/x/net-0.27.0
• 597b84b build(deps): bump golang.org/x/net from 0.26.0 to 0.27.0
• 315b673 Merge pull request #265 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.65.0
• 489749d build(deps): bump google.golang.org/grpc from 1.64.0 to 1.65.0
• efd0d10 Merge pull request #260 from smallstep/dependabot/github_actions/softprops/action-gh-release-2.0.6
• faf8bcc build(deps): bump softprops/action-gh-release from 2.0.5 to 2.0.6
• 3b347a0 Merge pull request #259 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.47.1
• 4472c8b build(deps): bump go.step.sm/crypto from 0.47.0 to 0.47.1
• 592dde8 Merge pull request #257 from smallstep/dependabot/go_modules/github.com/smallstep/certificates-0.26.2
• 180b166 build(deps): bump github.com/smallstep/certificates

Thanks!

Those were the changes on v0.19.4!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.