Skip to content

Releases: carvel-dev/imgpkg

v0.44.0

09 Dec 06:29
bcef9ff
Compare
Choose a tag to compare

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.44.0/imgpkg-linux-amd64

# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg

# Make the binary executable
chmod +x /usr/local/bin/imgpkg

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version

Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.44.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.44.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.44.0/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

Full Changelog: v0.43.0...v0.44.0

📂 Files Checksum

036870d2489abec4b7d4fd4fdde7bc88d3945d55743d0a9282f3a47dc78eac53  ./imgpkg-darwin-amd64
15ca4f8ec4c7a1c6ecf06740a942149887a73845565f0ffbf6ccbf013b65a58a  ./imgpkg-linux-amd64
8e113eb80ebb6c7fc508304b919fc6cc3e4151718beebd16260671ad6d5a199b  ./imgpkg-windows-amd64.exe
afa82893d76cd390be622a32d5e33f10f483437e963060e59e22c8f5da3090d2  ./imgpkg-darwin-arm64
f772b6eb10654f45d15d2166d5be81cf18529aece59df906c25dcb364f508ebe  ./imgpkg-linux-arm64

v0.43.1

03 Sep 06:44
61a0574
Compare
Choose a tag to compare

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.1/imgpkg-linux-amd64

# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg

# Make the binary executable
chmod +x /usr/local/bin/imgpkg

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version

Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.1/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.1/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

Full Changelog: v0.43.0...v0.43.1

📂 Files Checksum

578b81cedbba68057fbd5b917a337fb34c8ed7406931839efc01608668aa9bd0  ./imgpkg-darwin-amd64
649eda706a172b520307c2189ee04bdc0d2b255b9b076482873ddaa2120afc18  ./imgpkg-windows-amd64.exe
7cd1ecf4b394770ccfedc38f3b4f97a1a3d49447fa0bfe1e28a4f99751597ddf  ./imgpkg-linux-arm64
9cfd34a67048dd71498d2075969592f7db181e639848239c47a47426ebbb03be  ./imgpkg-darwin-arm64
d36ccfcc54143d2475cf09b0247c88bccf24a7aeb062bd9bb8cab7cb58135fcf  ./imgpkg-linux-amd64

v0.43.0

15 Jul 10:13
6807463
Compare
Choose a tag to compare

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.0/imgpkg-linux-amd64

# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg

# Make the binary executable
chmod +x /usr/local/bin/imgpkg

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version

Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.0/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

Full Changelog: v0.42.0...v0.43.0

📂 Files Checksum

02a7e3fd0142c1053c14a87084820c1940f34c7372c16d883ef54091a37ac30d  ./imgpkg-darwin-amd64
099627a79b7edf9ba99321f4dc4e43404bc83c42930864c9db650070e65cfb5a  ./imgpkg-linux-arm64
2a0c2adb6edf0d67a0677c6dcf036c34d1f26af2858cacd9d114669829cc4848  ./imgpkg-darwin-arm64
4f87f219012e48b917d7aaf8b0ee71729f2572fc1a3deb7483bd8744fe2e1a06  ./imgpkg-linux-amd64
c07608dd4c1b534aaebe5aaf3993ae1a6e0af44691f06d4cd035836c868084c6  ./imgpkg-windows-amd64.exe

v0.42.2

12 Jun 16:33
45bba3a
Compare
Choose a tag to compare

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.2/imgpkg-linux-amd64

# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg

# Make the binary executable
chmod +x /usr/local/bin/imgpkg

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version

Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.2/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.2/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.2/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

Full Changelog: v0.42.1...v0.42.2

📂 Files Checksum

493f0931964e800aab255fe32256d044369c997537e7fdc8fcc93ac978c5462e  ./imgpkg-linux-arm64
59f0af401217f3dc36163c31e093b5bdceeaf9397576e894b591a014480b9c1b  ./imgpkg-darwin-amd64
bea6e08f5f6bf8b2a7f31486c41b34715e5dd6e4319e15968e25cd570daf5446  ./imgpkg-linux-amd64
cae062487d5c16d52f6ec70b455b6e53202e021928c061568d4e976ff7ad1a19  ./imgpkg-windows-amd64.exe
cf10c7cb2ef202e1f4fb1f334e350c760690c21883c79f8485c488ff9007aca2  ./imgpkg-darwin-arm64

v0.42.3

04 Sep 09:17
fae1581
Compare
Choose a tag to compare

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.3/imgpkg-linux-amd64

# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg

# Make the binary executable
chmod +x /usr/local/bin/imgpkg

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version

Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.3/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.3/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.3/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

Full Changelog: v0.42.2...v0.42.3

📂 Files Checksum

0cb732863d7e9fa263a232f89ff162886d0c88d585ea27f2f51526f531b4707d  ./imgpkg-linux-arm64
9429779c0ffdbf295e4aa10591184bab1ab3f2145153205532ad080ea3135566  ./imgpkg-linux-amd64
b0382798d3045f3641f3f5c0f28ba57fb378fed8a6a1fc2d8991883ce8384a3a  ./imgpkg-windows-amd64.exe
b96ad7f72a2b6cdc59f508cf606bb280f70b81f1a5024840d4cc8fcd9f63fdca  ./imgpkg-darwin-arm64
ce21316a0345219b19186b9bf40947f4c19aaa50b18ed775717b80512b0b4476  ./imgpkg-darwin-amd64

v0.42.1

03 May 16:35
826a778
Compare
Choose a tag to compare

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/imgpkg-linux-amd64

# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg

# Make the binary executable
chmod +x /usr/local/bin/imgpkg

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version

Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

  • Describe reaches out to original registry to get information on layer incorrectly #659

Full Changelog: v0.42.0...v0.42.1

📂 Files Checksum

6a437f95f8cf0d1295c4165ce60ecf3f4dfe722a497bce8f1b8005a671551df8  ./imgpkg-darwin-arm64
76a2d5a1cc6b5917fea35c9cf7383fc742ade39f2d51f1485a25bd4a8aa58970  ./imgpkg-darwin-amd64
78ed95d612a927abc344df8cadd052610637566b98594252db3bc03ff2713d83  ./imgpkg-linux-arm64
de1816b01fcc1d602013b4b851975a46b6544ae45c001f0c2d15e1c2d4ebc420  ./imgpkg-windows-amd64.exe
fc4e0bc2e238b2ffaff8f04fba0844de0d1e5ef7dd870a4d01896361b5b5510b  ./imgpkg-linux-amd64

v0.42.0

16 Apr 11:52
e538605
Compare
Choose a tag to compare

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/imgpkg-linux-amd64

# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg

# Make the binary executable
chmod +x /usr/local/bin/imgpkg

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version

Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.0/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

🔈 Callouts

Full Changelog: v0.41.0...v0.42.0

📂 Files Checksum

0bb6235af28abafc3458e30fbbd49e040aaa2189c4c39212a3c7a5a57ea83754  ./imgpkg-linux-amd64
3efc3081538273e924152c978911b0331b9b397cc72e587803c51b5f06f6636a  ./imgpkg-darwin-arm64
89272b9b14512787154eef4fa1ba2132afd4cac1840af757efb8ca9f09fe4711  ./imgpkg-windows-amd64.exe
bbe4c9a3eae83df55b267506a3e6b22d94a7b4ed642f94797779e2b0ba647373  ./imgpkg-darwin-amd64
fc7ad7465730297085e4c7deefc47e2e56713be957971935008460a9bc709a0a  ./imgpkg-linux-arm64

v0.41.1

26 Feb 10:00
287c735
Compare
Choose a tag to compare

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.1/imgpkg-linux-amd64

# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg

# Make the binary executable
chmod +x /usr/local/bin/imgpkg

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version

Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.1/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.1/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

Changelog

  • 287c735 When 2 images with same SHA are reference by 2 nested bundles (#638)

✨ What's new

Full Changelog: v0.41.0...v0.41.1

📂 Files Checksum

50d63ad2b4735858112a55e3a2baf9af8568e459e79537f7aa04baf60b291797  ./imgpkg-darwin-amd64
004551cec931a3633c0bb380e113f9c700796deab240a514201c2ec6f0a6fc4e  ./imgpkg-darwin-arm64
e6291309be274d8137116bba06824af763e22110d48e9cc45aca0d3135420966  ./imgpkg-linux-amd64
1fc1c933cc235ef13dedf701075b36fea9c5da425783bec18452ccfb5332cac9  ./imgpkg-linux-arm64
35553c5790ae289d9c964c8954ebed47c55d189a279fc4c5baa28d58f3a24157  ./imgpkg-windows-amd64.exe

v0.41.0

21 Feb 21:24
7ae3b0c
Compare
Choose a tag to compare

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.0/imgpkg-linux-amd64

# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg

# Make the binary executable
chmod +x /usr/local/bin/imgpkg

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version

Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.0/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.41.0/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

✨ What's new

  • Some layers in some images do not have a DiffID, and imgpkg was not able to process them #464
  • Images that contained OS filesystem could not be pulled due to symlinks and other file types #441
  • Updated dependencies

Full Changelog: v0.40.0...v0.41.0

📂 Files Checksum

036dc61fe3fa4157aea62cf9284e3c8d7b4f878becbbac21629d043bef1e9171  ./imgpkg-windows-amd64.exe
1822aef7b14f97da0e1d12946362a773863e601c57d943a886ba86f71fcc6777  ./imgpkg-darwin-amd64
2b1bc6ecd757a099b788474a0bf81748c69b5745443a351db0558fd3fcd431df  ./imgpkg-linux-arm64
50eb0ff74447c2d46ab9152794ae11076233390f9a7747a9056985a8de072be0  ./imgpkg-linux-amd64
8553577a8db76e9aee7963ba2c6bc88c5f5dab04286c51e05291ab87dc8d7290  ./imgpkg-darwin-arm64

v0.40.2

06 Sep 10:48
04b9301
Compare
Choose a tag to compare

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.2/imgpkg-linux-amd64

# Move the binary in to your PATH
mv imgpkg-linux-amd64 /usr/local/bin/imgpkg

# Make the binary executable
chmod +x /usr/local/bin/imgpkg

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install imgpkg
$ imgpkg version

Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.2/checksums.txt
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.2/checksums.txt.pem
curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.40.2/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

Full Changelog: v0.40.1...v0.40.2

📂 Files Checksum

4e3022f96b557b265b056997d19c9662b7ce23315d3ffc97eec829836adb27a4  ./imgpkg-windows-amd64.exe
b8d128c3d8f588c71e2866f959bceb9761988bcb5a948d271731952fd204343d  ./imgpkg-darwin-arm64
d80fd7134b8dff0afe12aef7124099e1d4dfd043aa88d4da8fa93710e255f667  ./imgpkg-linux-arm64
dd2567580256f511af2e2f272c8550c94c5b5763ac5b0e9296c26328cb2fbc1d  ./imgpkg-linux-amd64
fbe3a0f4eb2dfef33eb563226016500809df02eccbb57f596ad2f30a151d6968  ./imgpkg-darwin-amd64