What's Changed
What's new 馃帀
Full Changelog: 1.3.1...1.4.0
Release asset details:
SHA256
checksums
7259dd26b5208804737af25cad626909ddda35ab561ccecca866459fc435822e pywemo-1.4.0-py3-none-any.whl
38ffae2568d0beb8853967d68f9d9af2da6c98c89b0f014f9359dac504549825 pywemo-1.4.0.tar.gz
How to verify sigstore
signatures
Visit sigstore.dev to learn more about sigstore signing and verification.
Certificate identity:
https://github.com/pywemo/pywemo/.github/workflows/publish.yml@refs/tags/1.4.0
Verify with sigstore-python
:
# Download the release wheel and .sigstore file.
wget https://github.com/pywemo/pywemo/releases/download/1.4.0/pywemo-1.4.0-py3-none-any.whl
wget https://github.com/pywemo/pywemo/releases/download/1.4.0/pywemo-1.4.0-py3-none-any.whl.sigstore
# Install sigstore: https://github.com/sigstore/sigstore-python#installation
python -m pip install sigstore
# Verify that the wheel was built from this release.
python -m sigstore verify github \
--bundle pywemo-1.4.0-py3-none-any.whl.sigstore \
--cert-identity https://github.com/pywemo/pywemo/.github/workflows/publish.yml@refs/tags/1.4.0 \
--sha 9a24c3e76a198a62968c3e6fa3c528e52a157797 \
pywemo-1.4.0-py3-none-any.whl
How to verify SLSA
provenance
Visit slsa.dev to learn more about generating and verifying software provenance with SLSA.
SLSA verifier installation instructions can be found at github.com/slsa-framework/slsa-verifier#installation.
# Download the release wheel and .intoto.jsonl file.
wget https://github.com/pywemo/pywemo/releases/download/1.4.0/pywemo-1.4.0-py3-none-any.whl
wget https://github.com/pywemo/pywemo/releases/download/1.4.0/pywemo-1.4.0.intoto.jsonl
# Verify that the wheel was built from this release.
slsa-verifier verify-artifact \
--provenance-path pywemo-1.4.0.intoto.jsonl \
--source-uri github.com/pywemo/pywemo \
--source-tag 1.4.0 \
pywemo-1.4.0-py3-none-any.whl