Releases: syntaur-systems/syntaur-dist
Release list
v0.7.107
Verified release
Built from the private Syntaur application source at
v0.7.107 and the private Syntaur browser engine source at
main by this repo's public
release-sign.yml
workflow. The exact immutable application source commit is recorded
in the signed syntaur-source-commit.txt; the exact native browser
engine commit is recorded in the signed
syntaur-engine-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:
# SHA-256 verification (fast)
sha256sum -c checksums.txt
# Cosign signature verification (authoritative)
cosign verify-blob \
--bundle syntaur-gateway-linux-x86_64.cosign.bundle \
--certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
syntaur-gateway-linux-x86_64See SECURITY.md for the verification + disclosure policy.
v0.7.106
Verified release
Built from the private Syntaur application source at
v0.7.106 and the private Syntaur browser engine source at
main by this repo's public
release-sign.yml
workflow. The exact immutable application source commit is recorded
in the signed syntaur-source-commit.txt; the exact native browser
engine commit is recorded in the signed
syntaur-engine-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:
# SHA-256 verification (fast)
sha256sum -c checksums.txt
# Cosign signature verification (authoritative)
cosign verify-blob \
--bundle syntaur-gateway-linux-x86_64.cosign.bundle \
--certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
syntaur-gateway-linux-x86_64See SECURITY.md for the verification + disclosure policy.
v0.7.104
Verified release
Built from the private Syntaur application source at
v0.7.104 and the private Syntaur browser engine source at
main by this repo's public
release-sign.yml
workflow. The exact immutable application source commit is recorded
in the signed syntaur-source-commit.txt; the exact native browser
engine commit is recorded in the signed
syntaur-engine-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:
# SHA-256 verification (fast)
sha256sum -c checksums.txt
# Cosign signature verification (authoritative)
cosign verify-blob \
--bundle syntaur-gateway-linux-x86_64.cosign.bundle \
--certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
syntaur-gateway-linux-x86_64See SECURITY.md for the verification + disclosure policy.
v0.7.103
Verified release
Built from the private Syntaur application source at
v0.7.103 and the private Syntaur browser engine source at
main by this repo's public
release-sign.yml
workflow. The exact immutable application source commit is recorded
in the signed syntaur-source-commit.txt; the exact native browser
engine commit is recorded in the signed
syntaur-engine-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:
# SHA-256 verification (fast)
sha256sum -c checksums.txt
# Cosign signature verification (authoritative)
cosign verify-blob \
--bundle syntaur-gateway-linux-x86_64.cosign.bundle \
--certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
syntaur-gateway-linux-x86_64See SECURITY.md for the verification + disclosure policy.
v0.7.102
Verified release
Built from the private buddyholly007/syntaur source at
v0.7.102 by this repo's public
release-sign.yml
workflow. The exact immutable source commit is recorded in the
signed syntaur-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:
# SHA-256 verification (fast)
sha256sum -c checksums.txt
# Cosign signature verification (authoritative)
cosign verify-blob \
--bundle syntaur-gateway-linux-x86_64.cosign.bundle \
--certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
syntaur-gateway-linux-x86_64See SECURITY.md for the verification + disclosure policy.
v0.7.101
Verified release
Built from the private buddyholly007/syntaur source at
v0.7.101 by this repo's public
release-sign.yml
workflow. The exact immutable source commit is recorded in the
signed syntaur-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:
# SHA-256 verification (fast)
sha256sum -c checksums.txt
# Cosign signature verification (authoritative)
cosign verify-blob \
--bundle syntaur-gateway-linux-x86_64.cosign.bundle \
--certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
syntaur-gateway-linux-x86_64See SECURITY.md for the verification + disclosure policy.
v0.7.100
Verified release
Built from the private buddyholly007/syntaur source at
v0.7.100 by this repo's public
release-sign.yml
workflow. The exact immutable source commit is recorded in the
signed syntaur-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:
# SHA-256 verification (fast)
sha256sum -c checksums.txt
# Cosign signature verification (authoritative)
cosign verify-blob \
--bundle syntaur-gateway-linux-x86_64.cosign.bundle \
--certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
syntaur-gateway-linux-x86_64See SECURITY.md for the verification + disclosure policy.
v0.7.99
Verified release
Built from the private buddyholly007/syntaur source at
v0.7.99 by this repo's public
release-sign.yml
workflow. The exact immutable source commit is recorded in the
signed syntaur-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:
# SHA-256 verification (fast)
sha256sum -c checksums.txt
# Cosign signature verification (authoritative)
cosign verify-blob \
--bundle syntaur-gateway-linux-x86_64.cosign.bundle \
--certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
syntaur-gateway-linux-x86_64See SECURITY.md for the verification + disclosure policy.
v0.7.98
Verified release
Built from the private buddyholly007/syntaur source at
v0.7.98 by this repo's public
release-sign.yml
workflow. The exact immutable source commit is recorded in the
signed syntaur-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:
# SHA-256 verification (fast)
sha256sum -c checksums.txt
# Cosign signature verification (authoritative)
cosign verify-blob \
--bundle syntaur-gateway-linux-x86_64.cosign.bundle \
--certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
syntaur-gateway-linux-x86_64See SECURITY.md for the verification + disclosure policy.
v0.7.97
Verified release
Built from the private buddyholly007/syntaur source at
v0.7.97 by this repo's public
release-sign.yml
workflow. The exact immutable source commit is recorded in the
signed syntaur-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:
# SHA-256 verification (fast)
sha256sum -c checksums.txt
# Cosign signature verification (authoritative)
cosign verify-blob \
--bundle syntaur-gateway-linux-x86_64.cosign.bundle \
--certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
syntaur-gateway-linux-x86_64See SECURITY.md for the verification + disclosure policy.