Signatures and Checksums
autocert
uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign
to verify a release artifact:
COSIGN_EXPERIMENTAL=1 cosign verify-blob \
--certificate ~/Downloads/autocert_linux_0.19.2_amd64.tar.gz.pem \
--signature ~/Downloads/autocert_linux0.19.2_amd64.tar.gz.sig \
~/Downloads/autocert_linux0.19.2_amd64.tar.gz
The checksums.txt
file (in the 'Assets' section below) contains a checksum for every artifact in the release.
Changelog
- 3bf6878 Merge pull request #242 from smallstep/max/cli-v0.26.0
- 81d8eac Update version of kubectl in autocert/init
- 9b2138d Update Dockerfile step-cli version to 0.26.0
Thanks!
Those were the changes on v0.19.2!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.