Releases: carvel-dev/imgpkg
v0.42.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkg
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
What's Changed
- When 2 images with same SHA are reference by 2 nested bundles by @joaopapereira in #638
- Added flag --layers to enable/disable functionality of showing each layers of image by @kumaritanushree in #639
- Collect description information for images from correct registry by @joaopapereira in #637
- Update Copyright Headers by @prashantrewar in #647
- [chore] bump docker deps to v25.0.5 by @grokspawn in #648
- Bump go version to 1.22.2 by @sethiyash in #651
🔈 Callouts
- @prashantrewar made their first contribution in #647
- @grokspawn made their first contribution in #648
Full Changelog: v0.41.0...v0.42.0
📂 Files Checksum
0bb6235af28abafc3458e30fbbd49e040aaa2189c4c39212a3c7a5a57ea83754 ./imgpkg-linux-amd64
3efc3081538273e924152c978911b0331b9b397cc72e587803c51b5f06f6636a ./imgpkg-darwin-arm64
89272b9b14512787154eef4fa1ba2132afd4cac1840af757efb8ca9f09fe4711 ./imgpkg-windows-amd64.exe
bbe4c9a3eae83df55b267506a3e6b22d94a7b4ed642f94797779e2b0ba647373 ./imgpkg-darwin-amd64
fc7ad7465730297085e4c7deefc47e2e56713be957971935008460a9bc709a0a ./imgpkg-linux-arm64
v0.41.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.1/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkg
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.1/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
Changelog
✨ What's new
- When 2 images with same SHA are reference by 2 nested bundles by @joaopapereira in #638
Full Changelog: v0.41.0...v0.41.1
📂 Files Checksum
50d63ad2b4735858112a55e3a2baf9af8568e459e79537f7aa04baf60b291797 ./imgpkg-darwin-amd64
004551cec931a3633c0bb380e113f9c700796deab240a514201c2ec6f0a6fc4e ./imgpkg-darwin-arm64
e6291309be274d8137116bba06824af763e22110d48e9cc45aca0d3135420966 ./imgpkg-linux-amd64
1fc1c933cc235ef13dedf701075b36fea9c5da425783bec18452ccfb5332cac9 ./imgpkg-linux-arm64
35553c5790ae289d9c964c8954ebed47c55d189a279fc4c5baa28d58f3a24157 ./imgpkg-windows-amd64.exe
v0.41.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.0/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkg
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Some layers in some images do not have a DiffID, and imgpkg was not able to process them #464
- Images that contained OS filesystem could not be pulled due to symlinks and other file types #441
- Updated dependencies
Full Changelog: v0.40.0...v0.41.0
📂 Files Checksum
036dc61fe3fa4157aea62cf9284e3c8d7b4f878becbbac21629d043bef1e9171 ./imgpkg-windows-amd64.exe
1822aef7b14f97da0e1d12946362a773863e601c57d943a886ba86f71fcc6777 ./imgpkg-darwin-amd64
2b1bc6ecd757a099b788474a0bf81748c69b5745443a351db0558fd3fcd431df ./imgpkg-linux-arm64
50eb0ff74447c2d46ab9152794ae11076233390f9a7747a9056985a8de072be0 ./imgpkg-linux-amd64
8553577a8db76e9aee7963ba2c6bc88c5f5dab04286c51e05291ab87dc8d7290 ./imgpkg-darwin-arm64
v0.40.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.1/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkg
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.1/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
What's Changed
- Bump go version to 1.21.9 in v0.40.x by @sethiyash in #653
Full Changelog: v0.40.0...v0.40.1
📂 Files Checksum
1eccbea8d3eaaaca681a1337ab9ce29c58e6f3cab87665684fde174bc9f49657 ./imgpkg-windows-amd64.exe
5787a7e3ebfb6d67592918c5f5ed0a6d797009d6faf3eae99528b50ba45e4eae ./imgpkg-darwin-arm64
7b4461e6a37d2f62055120e317dd30485eefebcf8c91d8abd4d0d4f55e2d9842 ./imgpkg-darwin-amd64
94f4db59db55448e6ff000426d1a6fa592f491a1fcbdfb7d71bcb4854128ab32 ./imgpkg-linux-amd64
ccc2f144c76c409f7c9470ebacb7903a5b576b9b8b561010734620d48971d897 ./imgpkg-linux-arm64
v0.40.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.0/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkg
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
What's Changed
- Add imgpkg-session-id to http headers by @joaopapereira in #600
- Use logger that always write on describe command by @joaopapereira in #599
- Updated describe command to show layer's digest of each image by @kumaritanushree in #622
- Signing and verification added, release notes generation automated by @rcmadhankumar in #627
- Bump go version to 1.21.6 by @sethiyash in #628
Full Changelog: v0.39.0...v0.40.0
📂 Files Checksum
4da669ff323d950d8dce5bf6b5a760336005567fe1643c01c811bad43d8d2ca1 ./imgpkg-windows-amd64.exe
670b98c5c5b24ae20101b3ab2c430bf2340a9d47b21257b08c8ead20b207e615 ./imgpkg-linux-arm64
76eaefd8bebb5acd2477c554cc9f77a7353f2f2d0395cbdbd025b3fdf3c31b8c ./imgpkg-darwin-arm64
d143a5719ac645ec4921bc14a184505454955a815f2e6a215de8e5aa5179c2c9 ./imgpkg-darwin-amd64
de2ea4c292833736f9627c26ab43191f923aa96ae0c66dc95c546be42e0f90c5 ./imgpkg-linux-amd64
v0.39.0
✨ What's new
- 🚨 For library users 🚨 the go module name changes to
carvel.dev/imgpkg
this is a breaking change on this version, no impact for users that only use the binaries
Full Changelog: v0.38.1...v0.39.0
📂 Files Checksum
2bfbe2a5b69ab4da652753af9b335ad5dd222780428f064aedd2f50bd11e2693 ./imgpkg-darwin-amd64
378ba1c3b06361d9695c92b54e803309e1bc28084de492c58ed0c993f3987b82 ./imgpkg-darwin-arm64
7b247c24850dbf4ff70095b6d7f5aff12aea15d0ece9e9ecf66f92e3c9d2f332 ./imgpkg-linux-arm64
98b80baa5d665c5119fc8e2a62978f9d193c9647e3c47ab72867b055b94d14ff ./imgpkg-linux-amd64
b2e38dc24985451633b76151c8d9ef300944fe73ca18ca28d0ae74a756f2f2eb ./imgpkg-windows-amd64.exe
v0.38.3
What's Changed
- Bump go version to 1.21.5 by @rcmadhankumar in #618
Full Changelog: v0.38.2...v0.38.3
📂 Files Checksum
39385a86ad320f30d7b4487675983aabe56c36be8069ba9d6fdcf7cb544da718 ./imgpkg-linux-amd64
68d9cde3d16036acca6d1c02c2883a3005175ed21716339e7945dd47b8cc71e1 ./imgpkg-windows-amd64.exe
6f4432ef68df53356fa68c3ba5a24522987ffb9ab9ec157124761d0f2ffeb367 ./imgpkg-darwin-arm64
9538fa76d45afb92d407a4e75c33250835628e2a0e6172dfc86c13937d94ad14 ./imgpkg-linux-arm64
d51cdb0f65510ed53c84810c6f1fa29982302a340d4d7dce1a17fb3c1ffecc6e ./imgpkg-darwin-amd64
v0.38.2
What's Changed
- e56a33d Bump go version to 1.21.3
Full Changelog: v0.38.1...v0.38.2
📂 Files Checksum
06519df70fc05d6b289c14e8af0269d813473713c48cf1883052a52e338e147b ./imgpkg-darwin-amd64
2037b61056c4f50e6f50c51fc473e85f2b9acc34d72a0b042a62044a1c2884a6 ./imgpkg-linux-amd64
439fb6af0b9b77ec30d7ea6f347b1a80da2356aa59a9c4718dc3e38b2843f8b1 ./imgpkg-darwin-arm64
99b422b906595fb2a3e5ad16ef1fb023094c7b340f92dfe816beec04f2b206e1 ./imgpkg-windows-amd64.exe
c6c057a003a8435fa5b5548f6a55cc4e926283cbbfa55a55f9438d61c99bc172 ./imgpkg-linux-arm64
v0.38.1
✨ What's new
- Fix issue with copy of bundles using has tags the origin repository location #582 by @rcmadhankumar
Full Changelog: v0.38.0...v0.38.1
📂 Files Checksum
136edef97a4ffe98c9a2e70549a053f409ec35cc59751e7a4b314e9db6d53074 ./imgpkg-linux-amd64
4115072c441d0cea881e96b3e0108246970eea398ca6df2329f363274f2318af ./imgpkg-darwin-amd64
f1dfe98dbc33400ae8d525f032d745a5eb2eb19ab9e3d4580e06cfffdb3db293 ./imgpkg-darwin-arm64
fa80bfd37df86e44bc73a27046ae4305a3b680ccee0740977705bff08a07a14b ./imgpkg-windows-amd64.exe
fb384e5f23428694cc55f0294a762d9d1c341239e838d0f0756309c78923bf55 ./imgpkg-linux-arm64
v0.37.5
✨ What's new
- Fix issue #373 by @ashpect in #561
- updated test to use complete image ref by @kumaritanushree in #564
- add ci badge to readme.md by @microwavables in #562
- Error when --image-is-bundle-check flag is set to false while using -b flag by @ashpect in #563
- Updated test to build binary locally based on variable value by @kumaritanushree in #569
- chore: remove refs to deprecated io/ioutil by @testwill in #577
🔈 Callouts
@ashpect made their first contribution in #561
@testwill made their first contribution in #577
Full Changelog: v0.37.3...v0.37.5
📂 Files Checksum
07ef96b0f34fdf4d984ceb3acaa8f34dd0d7c5e4fcbd7404f3ee4e2f424df1d3 ./imgpkg-darwin-amd64
1d16a9795f12adfaf88ac653ee4bc8123d1f0ac441099efabeeecd4e3541ccc0 ./imgpkg-darwin-arm64
264b058d9f747fbd4942d39e0a47748f907e4eea8ec7c69a20637c8ef9c7bfe0 ./imgpkg-linux-amd64
5a4be581d5375ed2387606df33f1d30f658587fcc151f3e5846a4b802710c55e ./imgpkg-windows-amd64.exe
6cfdfa2127cfae54787c457dee52041be5210253fb887f4d01f92e6eaa50138a ./imgpkg-linux-arm64