Skip to content

Release early access

GitHub Action edited this page Jun 10, 2024 · 222 revisions

Published: 2024-06-10T22:14:25.916995381Z

Release Notes

https://github.com/jreleaser/jreleaser/releases/tag/early-access

Binaries

🌟 Universal

These binaries require an external Java runtime.

☕️ Bundled Java Runtimes

These binaries provide their own Java runtime.

Platform Artifact
MacOS x86_64 jreleaser-standalone-early-access-osx-x86_64.zip (asc)
sha256:25f422589eb7a7951df38d67470f1de43dd48207b530f1c089c57548582d1c3d
MacOS Arm64 jreleaser-standalone-early-access-osx-aarch64.zip (asc)
sha256:f9bbe9814bb8531c9b1612837f697100bb08ed87a8296c27ea9267b6375fe3f0
Linux x86_64 (musl) jreleaser-standalone-early-access-linux_musl-x86_64.zip (asc)
sha256:542bb44f24b617095b866513e5b9ea4ada89b3abc41aaef733155603a393949d
Linux Arm64 (musl) jreleaser-standalone-early-access-linux_musl-aarch64.zip (asc)
sha256:8ab5e29a34806b8ce5063b3c8fa128a367717caecc2e4198c8a580a2a2829beb
Linux x86_64 (glibc) jreleaser-standalone-early-access-linux-x86_64.zip (asc)
sha256:143cb6772eafacca578fa2c5ee746ffab206b0eb46c051c7c0373532da1e380b
Linux Arm64 (glibc) jreleaser-standalone-early-access-linux-aarch64.zip (asc)
sha256:8ae2c8a0d46834a4dd3bfb410ed310960c81b83fe783fc2dece97379ec02ab3f
Windows x86_64 jreleaser-standalone-early-access-windows-x86_64.zip (asc)
sha256:2048185ecd5552be40351968bbdab0c7dad460cdb979c04148fb106603ef741e
Windows Arm64 jreleaser-standalone-early-access-windows-aarch64.zip (asc)
sha256:490d152c0694594bca215b8035183eea70034b246440ca53e388a3009bfaaeef

📦 Installers

These binaries provide their own Java runtime.

Platform Artifact
MacOS x86_64 jreleaser-installer-early-access-osx-x86_64.pkg (asc)
sha256:6fa4b801a3345e974cfe551c732abf9a945d48945e0aa525fe71ad5ed6b9278c
MacOS Arm64 jreleaser-installer-early-access-osx-aarch64.pkg (asc)
sha256:cb5072c86b7640ddd6fbd70b49fafb40805064b7f7b0cbda1394f4753aa7365a
Linux x86_64 (glibc) jreleaser-installer_early-access-1_amd64.deb (asc)
sha256:c3e8bc2b5dcacd854b8c4206056a89c02f321bf96bb0a6fc40b4a4f5d809d844
Linux x86_64 (glibc) jreleaser-installer-early-access-1.x86_64.rpm (asc)
sha256:cb9a1a16a78ef3f1c121e964fadcf32fe2fd7d7464923742870c0fac672224a3
Windows x86_64 jreleaser-installer-early-access-windows-x86_64.msi (asc)
sha256:f4b8b7b015495aa8a93a2afd0fb195c72c6e2d25cf20a7e6d7b381cbe8d54e6d

💻 Native Executables

Platform Artifact
MacOS x86_64 jreleaser-native-early-access-osx-aarch64.zip (asc)
sha256:804c46a722ffc6cfb00418052236c53fcaafac83c9d825ed9f3e2cdee8fb0133
MacOS Arm64 jreleaser-native-early-access-osx-x86_64.zip (asc)
sha256:9d8ab25b52cb1c48fdb54cff9449c86d6fa91d02bc5ab0387594d0196bf9d559
Linux x86_64 (glibc) jreleaser-native-early-access-linux-x86_64.zip (asc)
sha256:819e0b10343f3572111db7df734e161c0f7ed88b03f2e72589ae89f84451a3b7
Windows x86_64 jreleaser-native-early-access-windows-x86_64.zip (asc)
sha256:652c6abc8ac973a6fa437e2677ffc60067c2348ad0ed456520b911fea2efefb8

Verify Provenance

SLSA

  1. Install or build the slsa-verifier binary.
  2. Download jreleaser-all-early-access.intoto.jsonl
  3. Download the binary or binary files you'd like to verify.
  4. Run the verifier against the binary. For example
$ slsa-verifier verify-artifact jreleaser-early-access.zip \
   --provenance-path jreleaser-all-early-access.intoto.jsonl \
   --source-uri github.com/jreleaser/jreleaser
Verified signature against tlog entry index 8865454 at URL: https://rekor.sigstore.dev/api/v1/log/entries/24296fb24b8ad77acceaa92d35076867e961260048db8f9ee7726329e5a14ae3a6cfd678aeacad11
Verified build using builder https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.4.0 at commit caa516c7c52ca72a352f97e4153334080f8b7f43
PASSED: Verified SLSA provenance

PGP

  1. Download the public key
  2. Verify the fingerprint matches the following:
$ gpg --show-keys aalmiray.asc
pub   rsa4096 2021-02-10 [SC] [expires: 2031-02-08]
      F1D5F6A91C86B0702CD0734BCCC55C5167419ADB
uid                      Andres Almiray <aalmiray@gmail.com>
sub   rsa4096 2021-02-10 [E] [expires: 2031-02-08]
  1. Import the key with gpg --import aalmiray.asc.
  2. Verify the chosen artifact with:
$ gpg --verify jreleaser-early-access.zip.asc jreleaser-early-access.zip
gpg: Signature made Tue Dec 13 06:51:49 2022 CET
gpg:                using RSA key CCC55C5167419ADB
gpg: Good signature from "Andres Almiray <aalmiray@gmail.com>" [ultimate]