Skip to content

Release v1.10.0

Jump to bottom
GitHub Action edited this page Dec 31, 2023 · 1 revision

Published: 2023-12-31T16:20:24.502141022Z

Release Notes

https://github.com/jreleaser/jreleaser/releases/tag/v1.10.0

Binaries

🌟 Universal

These binaries require an external Java runtime.

☕️ Bundled Java Runtimes

These binaries provide their own Java runtime.

Platform Artifact
MacOS x86_64 jreleaser-standalone-1.10.0-osx-x86_64.zip (asc)
sha256:bddabbed7e423f60901b92919e4ee3214a73bab7ea1c5d3865e2c7c7da26ec38
MacOS Arm64 jreleaser-standalone-1.10.0-osx-aarch64.zip (asc)
sha256:8d6351770413049234cbbe5726fdc53c1ab500ba2c0c153cd0b2dd1a7e0736d0
Linux x86_64 (musl) jreleaser-standalone-1.10.0-linux_musl-x86_64.zip (asc)
sha256:c3dab09157958423252f61a99147a7a4ac4a6646c5357ace7b4bcd9874eced00
Linux Arm64 (musl) jreleaser-standalone-1.10.0-linux_musl-aarch64.zip (asc)
sha256:8ab97c641a9a7c6e5c9a6cedd2bc08e9d2b021c62c8d0d338c0efe2461967f95
Linux x86_64 (glibc) jreleaser-standalone-1.10.0-linux-x86_64.zip (asc)
sha256:2a791337414d53cc2f50f683969d7bc0e0314f1f4b70c85d197174b1b771b148
Linux Arm64 (glibc) jreleaser-standalone-1.10.0-linux-aarch64.zip (asc)
sha256:2a2cc85e012ae4747880474c8e0d8353f5f4244375bf0ddf1dc70c1348a83847
Windows x86_64 jreleaser-standalone-1.10.0-windows-x86_64.zip (asc)
sha256:3c2d745e8e7b43b6cabd9c94516c7186af2ee4c833b5a8128264cd66c1a97d72
Windows Arm64 jreleaser-standalone-1.10.0-windows-aarch64.zip (asc)
sha256:669c75f0e749fb295f990def797126da246ab0c472733bf71f99f001726fd4b5

📦 Installers

These binaries provide their own Java runtime.

💻 Native Executables

Verify Provenance

SBOMS

SLSA

  1. Install or build the slsa-verifier binary.
  2. Download jreleaser-all-1.10.0.intoto.jsonl
  3. Download the binary or binary files you'd like to verify.
  4. Run the verifier against the binary. For example
$ slsa-verifier verify-artifact jreleaser-1.10.0.zip \
   --provenance-path jreleaser-all-1.10.0.intoto.jsonl \
   --source-uri github.com/jreleaser/jreleaser
Verified signature against tlog entry index 8865454 at URL: https://rekor.sigstore.dev/api/v1/log/entries/24296fb24b8ad77acceaa92d35076867e961260048db8f9ee7726329e5a14ae3a6cfd678aeacad11
Verified build using builder https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.4.0 at commit caa516c7c52ca72a352f97e4153334080f8b7f43
PASSED: Verified SLSA provenance

PGP

  1. Download the public key
  2. Verify the fingerprint matches the following:
$ gpg --show-keys aalmiray.asc
pub   rsa4096 2021-02-10 [SC] [expires: 2031-02-08]
      F1D5F6A91C86B0702CD0734BCCC55C5167419ADB
uid                      Andres Almiray <aalmiray@gmail.com>
sub   rsa4096 2021-02-10 [E] [expires: 2031-02-08]
  1. Import the key with gpg --import aalmiray.asc.
  2. Verify the chosen artifact with:
$ gpg --verify jreleaser-1.10.0.zip.asc jreleaser-1.10.0.zip
gpg: Signature made Tue Dec 13 06:51:49 2022 CET
gpg:                using RSA key CCC55C5167419ADB
gpg: Good signature from "Andres Almiray <aalmiray@gmail.com>" [ultimate]

For questions, support and general discussion, please use GitHub Discussions.

Examples and reference may be found at https://jreleaser.org.
Would you like to help? You can sponsor or contribute.
You can reach us at Twitter and Mastodon.

Menu

Clone this wiki locally