Aldur v0.1.1
Binary security analyzer for PE, ELF, and Mach-O binaries.
Installation
Download the appropriate archive for your platform and extract the aldur binary.
Platforms
| Platform | Architecture | File |
|---|---|---|
| Linux (glibc) | x86_64 | aldur-*-x86_64-unknown-linux-gnu.tar.gz |
| Linux (musl) | x86_64 | aldur-*-x86_64-unknown-linux-musl.tar.gz |
| Linux | ARM64 | aldur-*-aarch64-unknown-linux-gnu.tar.gz |
| Windows | x86_64 | aldur-*-x86_64-pc-windows-msvc.zip |
| Windows | ARM64 | aldur-*-aarch64-pc-windows-msvc.zip |
| macOS | x86_64 | aldur-*-x86_64-apple-darwin.tar.gz |
| macOS | ARM64 | aldur-*-aarch64-apple-darwin.tar.gz |
Security & Supply Chain
This release includes:
- SBOM (Software Bill of Materials) in SPDX and CycloneDX formats
- SHA-256 and SHA-512 checksums for all artifacts
- Sigstore cosign signature for checksum verification
- GitHub build provenance attestation for each platform artifact
- GitHub SBOM attestation linking SBOMs to release artifacts
Verify checksums
```bash
# Verify SHA-256 checksums
sha256sum -c checksums-sha256.txt

# Verify cosign signature using bundle (requires cosign installed)
cosign verify-blob \
  --bundle checksums-sha256.txt.bundle \
  --certificate-identity-regexp "https://github.com/scovetta/Aldur/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  checksums-sha256.txt
```
Verify build provenance
```bash
# Verify GitHub build attestation (requires gh CLI)
gh attestation verify aldur-*-x86_64-unknown-linux-gnu.tar.gz \
  --owner scovetta
```
Verify SBOM attestation
```bash
# Verify SBOM attestation (SPDX)
gh attestation verify aldur-*-x86_64-unknown-linux-gnu.tar.gz \
  --owner scovetta \
  --predicate-type https://spdx.dev/Document/v2.3

# View SBOM contents from attestation
gh attestation verify aldur-*-x86_64-unknown-linux-gnu.tar.gz \
  --owner scovetta \
  --predicate-type https://spdx.dev/Document/v2.3 \
  --format json | jq '.[].verificationResult.statement.predicate'
```
What's Changed
- feat: Initial codebase commit by @scovetta in #1
- Move docs to a subdirectory by @scovetta in #2
- Detect packing, improve CI by @scovetta in #4
- Scovetta/patch 1 by @scovetta in #5
- Update package-ecosystem to 'cargo' in dependabot.yml by @scovetta in #6
- Scovetta/patch 1 by @scovetta in #7
- Add CodeQL analysis workflow configuration by @scovetta in #8
- fix: add actions-permissions monitor to get to least priv. by @scovetta in #9
- Scovetta/patch 1 by @scovetta in #10
- Fix release workflow by @scovetta in #11
- fix: cosign release command by @scovetta in #12
- Bump to 2024 Edition, fix clippy / format warnings by @scovetta in #13
Full Changelog: https://github.com/scovetta/Aldur/commits/v0.1.1