Skip to content

Releases: syntaur-systems/syntaur-dist

v0.7.107

Choose a tag to compare

@github-actions github-actions released this 30 Jun 23:16

Verified release

Built from the private Syntaur application source at
v0.7.107 and the private Syntaur browser engine source at
main by this repo's public
release-sign.yml
workflow. The exact immutable application source commit is recorded
in the signed syntaur-source-commit.txt; the exact native browser
engine commit is recorded in the signed
syntaur-engine-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:

# SHA-256 verification (fast)
sha256sum -c checksums.txt

# Cosign signature verification (authoritative)
cosign verify-blob \
  --bundle syntaur-gateway-linux-x86_64.cosign.bundle \
  --certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  syntaur-gateway-linux-x86_64

See SECURITY.md for the verification + disclosure policy.

v0.7.106

Choose a tag to compare

@github-actions github-actions released this 30 Jun 22:22

Verified release

Built from the private Syntaur application source at
v0.7.106 and the private Syntaur browser engine source at
main by this repo's public
release-sign.yml
workflow. The exact immutable application source commit is recorded
in the signed syntaur-source-commit.txt; the exact native browser
engine commit is recorded in the signed
syntaur-engine-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:

# SHA-256 verification (fast)
sha256sum -c checksums.txt

# Cosign signature verification (authoritative)
cosign verify-blob \
  --bundle syntaur-gateway-linux-x86_64.cosign.bundle \
  --certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  syntaur-gateway-linux-x86_64

See SECURITY.md for the verification + disclosure policy.

v0.7.104

Choose a tag to compare

@github-actions github-actions released this 30 Jun 20:39

Verified release

Built from the private Syntaur application source at
v0.7.104 and the private Syntaur browser engine source at
main by this repo's public
release-sign.yml
workflow. The exact immutable application source commit is recorded
in the signed syntaur-source-commit.txt; the exact native browser
engine commit is recorded in the signed
syntaur-engine-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:

# SHA-256 verification (fast)
sha256sum -c checksums.txt

# Cosign signature verification (authoritative)
cosign verify-blob \
  --bundle syntaur-gateway-linux-x86_64.cosign.bundle \
  --certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  syntaur-gateway-linux-x86_64

See SECURITY.md for the verification + disclosure policy.

v0.7.103

Choose a tag to compare

@github-actions github-actions released this 26 Jun 22:07

Verified release

Built from the private Syntaur application source at
v0.7.103 and the private Syntaur browser engine source at
main by this repo's public
release-sign.yml
workflow. The exact immutable application source commit is recorded
in the signed syntaur-source-commit.txt; the exact native browser
engine commit is recorded in the signed
syntaur-engine-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:

# SHA-256 verification (fast)
sha256sum -c checksums.txt

# Cosign signature verification (authoritative)
cosign verify-blob \
  --bundle syntaur-gateway-linux-x86_64.cosign.bundle \
  --certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  syntaur-gateway-linux-x86_64

See SECURITY.md for the verification + disclosure policy.

v0.7.102

Choose a tag to compare

@github-actions github-actions released this 26 Jun 18:13

Verified release

Built from the private buddyholly007/syntaur source at
v0.7.102 by this repo's public
release-sign.yml
workflow. The exact immutable source commit is recorded in the
signed syntaur-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:

# SHA-256 verification (fast)
sha256sum -c checksums.txt

# Cosign signature verification (authoritative)
cosign verify-blob \
  --bundle syntaur-gateway-linux-x86_64.cosign.bundle \
  --certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  syntaur-gateway-linux-x86_64

See SECURITY.md for the verification + disclosure policy.

v0.7.101

Choose a tag to compare

@github-actions github-actions released this 26 Jun 14:33

Verified release

Built from the private buddyholly007/syntaur source at
v0.7.101 by this repo's public
release-sign.yml
workflow. The exact immutable source commit is recorded in the
signed syntaur-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:

# SHA-256 verification (fast)
sha256sum -c checksums.txt

# Cosign signature verification (authoritative)
cosign verify-blob \
  --bundle syntaur-gateway-linux-x86_64.cosign.bundle \
  --certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  syntaur-gateway-linux-x86_64

See SECURITY.md for the verification + disclosure policy.

v0.7.100

Choose a tag to compare

@github-actions github-actions released this 26 Jun 13:41

Verified release

Built from the private buddyholly007/syntaur source at
v0.7.100 by this repo's public
release-sign.yml
workflow. The exact immutable source commit is recorded in the
signed syntaur-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:

# SHA-256 verification (fast)
sha256sum -c checksums.txt

# Cosign signature verification (authoritative)
cosign verify-blob \
  --bundle syntaur-gateway-linux-x86_64.cosign.bundle \
  --certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  syntaur-gateway-linux-x86_64

See SECURITY.md for the verification + disclosure policy.

v0.7.99

Choose a tag to compare

@github-actions github-actions released this 26 Jun 09:51

Verified release

Built from the private buddyholly007/syntaur source at
v0.7.99 by this repo's public
release-sign.yml
workflow. The exact immutable source commit is recorded in the
signed syntaur-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:

# SHA-256 verification (fast)
sha256sum -c checksums.txt

# Cosign signature verification (authoritative)
cosign verify-blob \
  --bundle syntaur-gateway-linux-x86_64.cosign.bundle \
  --certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  syntaur-gateway-linux-x86_64

See SECURITY.md for the verification + disclosure policy.

v0.7.98

Choose a tag to compare

@github-actions github-actions released this 26 Jun 06:28

Verified release

Built from the private buddyholly007/syntaur source at
v0.7.98 by this repo's public
release-sign.yml
workflow. The exact immutable source commit is recorded in the
signed syntaur-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:

# SHA-256 verification (fast)
sha256sum -c checksums.txt

# Cosign signature verification (authoritative)
cosign verify-blob \
  --bundle syntaur-gateway-linux-x86_64.cosign.bundle \
  --certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  syntaur-gateway-linux-x86_64

See SECURITY.md for the verification + disclosure policy.

v0.7.97

Choose a tag to compare

@github-actions github-actions released this 22 Jun 06:21

Verified release

Built from the private buddyholly007/syntaur source at
v0.7.97 by this repo's public
release-sign.yml
workflow. The exact immutable source commit is recorded in the
signed syntaur-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:

# SHA-256 verification (fast)
sha256sum -c checksums.txt

# Cosign signature verification (authoritative)
cosign verify-blob \
  --bundle syntaur-gateway-linux-x86_64.cosign.bundle \
  --certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  syntaur-gateway-linux-x86_64

See SECURITY.md for the verification + disclosure policy.