Lucerna v0.12.0
Lucerna 0.12.0.
See CHANGELOG.md for the full feature list. This release ships
Windows (NSIS -setup.exe), Linux (.AppImage, .deb, .rpm),
and macOS (Universal2 .dmg, unsigned) artifacts.
Verifying this release
Every artifact is signed with cosign (keyless, sigstore) by this
repo's GitHub Actions OIDC identity. To verify any artifact:
cosign verify-blob \
--bundle <artifact>.cosign.bundle \
--certificate-identity-regexp 'https://github.com/AntonBabchenko/Lucerna/.github/workflows/release.yml@.*' \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
<artifact>
Checksums are in SHA256SUMS. A CycloneDX SBOM is attached as
lucerna-0.12.0.cdx.json.
Note on unsigned binaries
Artifacts are not OS-level notarized/code-signed (no
Authenticode, no Apple Developer ID + notarization). Windows
SmartScreen may warn on first run; click "More info" → "Run
anyway". The macOS .dmg is Universal2 and only ad-hoc-signed,
so Gatekeeper quarantines a freshly downloaded copy — clear it with
xattr -dr com.apple.quarantine /Applications/Lucerna.app, or
right-click → Open on first launch. Verify any artifact with cosign
and SHA256SUMS above. See docs/SECURITY.md.