Signatures and Checksums
autocert uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
COSIGN_EXPERIMENTAL=1 cosign verify-blob \
--certificate ~/Downloads/autocert_linux_0.19.7_amd64.tar.gz.pem \
--signature ~/Downloads/autocert_linux0.19.7_amd64.tar.gz.sig \
~/Downloads/autocert_linux0.19.7_amd64.tar.gz
The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.
Changelog
- 2e5e593 Merge pull request #289 from evans915/es/fix-bootstrapper-skip-logic
- ad78271 Merge pull request #292 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.67.1
- 215d4da build(deps): bump google.golang.org/grpc from 1.67.0 to 1.67.1
- a978525 Merge pull request #291 from smallstep/dependabot/go_modules/golang.org/x/net-0.30.0
- 5a3eefc build(deps): bump golang.org/x/net from 0.29.0 to 0.30.0
- b73e0c1 bug: only skip bootstrap when we have certs
- 59737f3 Merge pull request #288 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.53.0
- d1494f6 build(deps): bump go.step.sm/crypto from 0.52.0 to 0.53.0
- a96d9d2 Merge pull request #287 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.67.0
- 0aaf748 build(deps): bump google.golang.org/grpc from 1.66.2 to 1.67.0
Thanks!
Those were the changes on v0.19.7!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.