Releases: carvel-dev/imgpkg
Releases · carvel-dev/imgpkg
v0.43.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.0/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkgVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg versionVerify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missingWhat's Changed
- Get image layer from Primary Location in #660 by @rcmadhankumar
- Limit session IDs to a non-negative, pseudo-random int32 in #664 by @mamachanko
- Introduction of the copy API in #668 by @joaopapereira
Full Changelog: v0.42.0...v0.43.0
📂 Files Checksum
02a7e3fd0142c1053c14a87084820c1940f34c7372c16d883ef54091a37ac30d ./imgpkg-darwin-amd64
099627a79b7edf9ba99321f4dc4e43404bc83c42930864c9db650070e65cfb5a ./imgpkg-linux-arm64
2a0c2adb6edf0d67a0677c6dcf036c34d1f26af2858cacd9d114669829cc4848 ./imgpkg-darwin-arm64
4f87f219012e48b917d7aaf8b0ee71729f2572fc1a3deb7483bd8744fe2e1a06 ./imgpkg-linux-amd64
c07608dd4c1b534aaebe5aaf3993ae1a6e0af44691f06d4cd035836c868084c6 ./imgpkg-windows-amd64.exe
Contributors
mamachanko, joaopapereira, and rcmadhankumar
Assets 10
v0.42.2
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.2/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkgVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg versionVerify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.2/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.2/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.2/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missingWhat's Changed
- Bump golang to 1.22.4 #672 by @rohitagg2020
Full Changelog: v0.42.1...v0.42.2
📂 Files Checksum
493f0931964e800aab255fe32256d044369c997537e7fdc8fcc93ac978c5462e ./imgpkg-linux-arm64
59f0af401217f3dc36163c31e093b5bdceeaf9397576e894b591a014480b9c1b ./imgpkg-darwin-amd64
bea6e08f5f6bf8b2a7f31486c41b34715e5dd6e4319e15968e25cd570daf5446 ./imgpkg-linux-amd64
cae062487d5c16d52f6ec70b455b6e53202e021928c061568d4e976ff7ad1a19 ./imgpkg-windows-amd64.exe
cf10c7cb2ef202e1f4fb1f334e350c760690c21883c79f8485c488ff9007aca2 ./imgpkg-darwin-arm64
Contributors
rohitagg2020
Assets 10
v0.42.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkgVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg versionVerify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missingWhat's Changed
- Describe reaches out to original registry to get information on layer incorrectly #659
Full Changelog: v0.42.0...v0.42.1
📂 Files Checksum
6a437f95f8cf0d1295c4165ce60ecf3f4dfe722a497bce8f1b8005a671551df8 ./imgpkg-darwin-arm64
76a2d5a1cc6b5917fea35c9cf7383fc742ade39f2d51f1485a25bd4a8aa58970 ./imgpkg-darwin-amd64
78ed95d612a927abc344df8cadd052610637566b98594252db3bc03ff2713d83 ./imgpkg-linux-arm64
de1816b01fcc1d602013b4b851975a46b6544ae45c001f0c2d15e1c2d4ebc420 ./imgpkg-windows-amd64.exe
fc4e0bc2e238b2ffaff8f04fba0844de0d1e5ef7dd870a4d01896361b5b5510b ./imgpkg-linux-amd64
v0.42.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkgVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg versionVerify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missingWhat's Changed
- When 2 images with same SHA are reference by 2 nested bundles by @joaopapereira in #638
- Added flag --layers to enable/disable functionality of showing each layers of image by @kumaritanushree in #639
- Collect description information for images from correct registry by @joaopapereira in #637
- Update Copyright Headers by @prashantrewar in #647
- [chore] bump docker deps to v25.0.5 by @grokspawn in #648
- Bump go version to 1.22.2 by @sethiyash in #651
🔈 Callouts
- @prashantrewar made their first contribution in #647
- @grokspawn made their first contribution in #648
Full Changelog: v0.41.0...v0.42.0
📂 Files Checksum
0bb6235af28abafc3458e30fbbd49e040aaa2189c4c39212a3c7a5a57ea83754 ./imgpkg-linux-amd64
3efc3081538273e924152c978911b0331b9b397cc72e587803c51b5f06f6636a ./imgpkg-darwin-arm64
89272b9b14512787154eef4fa1ba2132afd4cac1840af757efb8ca9f09fe4711 ./imgpkg-windows-amd64.exe
bbe4c9a3eae83df55b267506a3e6b22d94a7b4ed642f94797779e2b0ba647373 ./imgpkg-darwin-amd64
fc7ad7465730297085e4c7deefc47e2e56713be957971935008460a9bc709a0a ./imgpkg-linux-arm64
Contributors
joaopapereira, sethiyash, and 3 other contributors
Assets 10
v0.41.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.1/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkgVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg versionVerify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.1/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missingChangelog
✨ What's new
- When 2 images with same SHA are reference by 2 nested bundles by @joaopapereira in #638
Full Changelog: v0.41.0...v0.41.1
📂 Files Checksum
50d63ad2b4735858112a55e3a2baf9af8568e459e79537f7aa04baf60b291797 ./imgpkg-darwin-amd64
004551cec931a3633c0bb380e113f9c700796deab240a514201c2ec6f0a6fc4e ./imgpkg-darwin-arm64
e6291309be274d8137116bba06824af763e22110d48e9cc45aca0d3135420966 ./imgpkg-linux-amd64
1fc1c933cc235ef13dedf701075b36fea9c5da425783bec18452ccfb5332cac9 ./imgpkg-linux-arm64
35553c5790ae289d9c964c8954ebed47c55d189a279fc4c5baa28d58f3a24157 ./imgpkg-windows-amd64.exe
Contributors
joaopapereira
Assets 10
v0.41.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.0/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkgVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg versionVerify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing✨ What's new
- Some layers in some images do not have a DiffID, and imgpkg was not able to process them #464
- Images that contained OS filesystem could not be pulled due to symlinks and other file types #441
- Updated dependencies
Full Changelog: v0.40.0...v0.41.0
📂 Files Checksum
036dc61fe3fa4157aea62cf9284e3c8d7b4f878becbbac21629d043bef1e9171 ./imgpkg-windows-amd64.exe
1822aef7b14f97da0e1d12946362a773863e601c57d943a886ba86f71fcc6777 ./imgpkg-darwin-amd64
2b1bc6ecd757a099b788474a0bf81748c69b5745443a351db0558fd3fcd431df ./imgpkg-linux-arm64
50eb0ff74447c2d46ab9152794ae11076233390f9a7747a9056985a8de072be0 ./imgpkg-linux-amd64
8553577a8db76e9aee7963ba2c6bc88c5f5dab04286c51e05291ab87dc8d7290 ./imgpkg-darwin-arm64
v0.40.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.1/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkgVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg versionVerify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.1/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missingWhat's Changed
- Bump go version to 1.21.9 in v0.40.x by @sethiyash in #653
Full Changelog: v0.40.0...v0.40.1
📂 Files Checksum
1eccbea8d3eaaaca681a1337ab9ce29c58e6f3cab87665684fde174bc9f49657 ./imgpkg-windows-amd64.exe
5787a7e3ebfb6d67592918c5f5ed0a6d797009d6faf3eae99528b50ba45e4eae ./imgpkg-darwin-arm64
7b4461e6a37d2f62055120e317dd30485eefebcf8c91d8abd4d0d4f55e2d9842 ./imgpkg-darwin-amd64
94f4db59db55448e6ff000426d1a6fa592f491a1fcbdfb7d71bcb4854128ab32 ./imgpkg-linux-amd64
ccc2f144c76c409f7c9470ebacb7903a5b576b9b8b561010734620d48971d897 ./imgpkg-linux-arm64
Contributors
sethiyash
Assets 10
v0.40.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.0/imgpkg-linux-amd64
# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg
# Make the binary executable
chmod +x /usr/local/bin/imgpkgVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg versionVerify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missingWhat's Changed
- Add imgpkg-session-id to http headers by @joaopapereira in #600
- Use logger that always write on describe command by @joaopapereira in #599
- Updated describe command to show layer's digest of each image by @kumaritanushree in #622
- Signing and verification added, release notes generation automated by @rcmadhankumar in #627
- Bump go version to 1.21.6 by @sethiyash in #628
Full Changelog: v0.39.0...v0.40.0
📂 Files Checksum
4da669ff323d950d8dce5bf6b5a760336005567fe1643c01c811bad43d8d2ca1 ./imgpkg-windows-amd64.exe
670b98c5c5b24ae20101b3ab2c430bf2340a9d47b21257b08c8ead20b207e615 ./imgpkg-linux-arm64
76eaefd8bebb5acd2477c554cc9f77a7353f2f2d0395cbdbd025b3fdf3c31b8c ./imgpkg-darwin-arm64
d143a5719ac645ec4921bc14a184505454955a815f2e6a215de8e5aa5179c2c9 ./imgpkg-darwin-amd64
de2ea4c292833736f9627c26ab43191f923aa96ae0c66dc95c546be42e0f90c5 ./imgpkg-linux-amd64
Contributors
joaopapereira, sethiyash, and 2 other contributors
Assets 10
v0.39.0
✨ What's new
- 🚨 For library users 🚨 the go module name changes to
carvel.dev/imgpkgthis is a breaking change on this version, no impact for users that only use the binaries
Full Changelog: v0.38.1...v0.39.0
📂 Files Checksum
2bfbe2a5b69ab4da652753af9b335ad5dd222780428f064aedd2f50bd11e2693 ./imgpkg-darwin-amd64
378ba1c3b06361d9695c92b54e803309e1bc28084de492c58ed0c993f3987b82 ./imgpkg-darwin-arm64
7b247c24850dbf4ff70095b6d7f5aff12aea15d0ece9e9ecf66f92e3c9d2f332 ./imgpkg-linux-arm64
98b80baa5d665c5119fc8e2a62978f9d193c9647e3c47ab72867b055b94d14ff ./imgpkg-linux-amd64
b2e38dc24985451633b76151c8d9ef300944fe73ca18ca28d0ae74a756f2f2eb ./imgpkg-windows-amd64.exe
v0.38.3
What's Changed
- Bump go version to 1.21.5 by @rcmadhankumar in #618
Full Changelog: v0.38.2...v0.38.3
📂 Files Checksum
39385a86ad320f30d7b4487675983aabe56c36be8069ba9d6fdcf7cb544da718 ./imgpkg-linux-amd64
68d9cde3d16036acca6d1c02c2883a3005175ed21716339e7945dd47b8cc71e1 ./imgpkg-windows-amd64.exe
6f4432ef68df53356fa68c3ba5a24522987ffb9ab9ec157124761d0f2ffeb367 ./imgpkg-darwin-arm64
9538fa76d45afb92d407a4e75c33250835628e2a0e6172dfc86c13937d94ad14 ./imgpkg-linux-arm64
d51cdb0f65510ed53c84810c6f1fa29982302a340d4d7dce1a17fb3c1ffecc6e ./imgpkg-darwin-amd64
Contributors
rcmadhankumar