Skip to content

Release v1.6.0

Jump to bottom
GitHub Action edited this page Apr 29, 2023 · 1 revision

Published: 2023-04-29T10:32:06.70121Z

Release Notes

https://github.com/jreleaser/jreleaser/releases/tag/v1.6.0

Binaries

🌟 Universal

These binaries require an external Java runtime.

☕️ Bundled Java Runtimes

These binaries provide their own Java runtime.

Platform Artifact
MacOS x86_64 jreleaser-standalone-1.6.0-osx-x86_64.zip (asc)
sha256:1e11b3ff10bb2c554dd1b2e9755561254481c5ec44fad7f16dba51c53f18314b
MacOS Arm64 jreleaser-standalone-1.6.0-osx-aarch64.zip (asc)
sha256:20f7366dc6372aebaac69a75678e255e64a11dee80f84bb83a1fdc169c8d0499
Linux x86_64 (musl) jreleaser-standalone-1.6.0-linux_musl-x86_64.zip (asc)
sha256:c49f2e92ad524f421ce472c7f48b86fc0da589576198a297063573701476f8f6
Linux Arm64 (musl) jreleaser-standalone-1.6.0-linux_musl-aarch64.zip (asc)
sha256:8cea464100735398198cbb116e465a2ff65de5e29fb81005dcea50ead646a747
Linux x86_64 (glibc) jreleaser-standalone-1.6.0-linux-x86_64.zip (asc)
sha256:78bb9d4a211af922bcb9e4d9ecb2481bf1a28b2b7709f22b833a9eb5377918f5
Linux Arm64 (glibc) jreleaser-standalone-1.6.0-linux-aarch64.zip (asc)
sha256:d6ee9155934c4ecb622bf7ec3e701c72d26310f6746df297f4ad71372793cd59
Windows x86_64 jreleaser-standalone-1.6.0-windows-x86_64.zip (asc)
sha256:bffd14796a45ec5c1159960810fb5cfa6881217641df8e7103cde977738c9c50
Windows Arm64 jreleaser-standalone-1.6.0-windows-aarch64.zip (asc)
sha256:03b42e093c1efb126f5657c1bb6be2d7dd64c02b2762a255f5b5e207f3daff4b

📦 Installers

These binaries provide their own Java runtime.

💻 Native Executables

Verify Provenance

SBOMS

SLSA

  1. Install or build the slsa-verifier binary.
  2. Download jreleaser-all-1.6.0.intoto.jsonl
  3. Download the binary or binary files you'd like to verify.
  4. Run the verifier against the binary. For example
$ slsa-verifier verify-artifact jreleaser-1.6.0.zip \
   --provenance-path jreleaser-all-1.6.0.intoto.jsonl \
   --source-uri github.com/jreleaser/jreleaser
Verified signature against tlog entry index 8865454 at URL: https://rekor.sigstore.dev/api/v1/log/entries/24296fb24b8ad77acceaa92d35076867e961260048db8f9ee7726329e5a14ae3a6cfd678aeacad11
Verified build using builder https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.4.0 at commit caa516c7c52ca72a352f97e4153334080f8b7f43
PASSED: Verified SLSA provenance

PGP

  1. Download the public key
  2. Verify the fingerprint matches the following:
$ gpg --show-keys aalmiray.asc
pub   rsa4096 2021-02-10 [SC] [expires: 2031-02-08]
      F1D5F6A91C86B0702CD0734BCCC55C5167419ADB
uid                      Andres Almiray <aalmiray@gmail.com>
sub   rsa4096 2021-02-10 [E] [expires: 2031-02-08]
  1. Import the key with gpg --import aalmiray.asc.
  2. Verify the chosen artifact with:
$ gpg --verify jreleaser-1.6.0.zip.asc jreleaser-1.6.0.zip
gpg: Signature made Tue Dec 13 06:51:49 2022 CET
gpg:                using RSA key CCC55C5167419ADB
gpg: Good signature from "Andres Almiray <aalmiray@gmail.com>" [ultimate]

For questions, support and general discussion, please use GitHub Discussions.

Examples and reference may be found at https://jreleaser.org.
Would you like to help? You can sponsor or contribute.
You can reach us at Twitter and Mastodon.

Menu

Clone this wiki locally