Releases: carvel-dev/vendir
v0.42.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.42.0/vendir-linux-amd64
# Move the binary into your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.42.0/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.42.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.42.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
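The steps above, reordered so that nothing is installed until it has been verified; this is an added example, not part of the vendir release notes. It assumes GNU coreutils (sha256sum, install) and cosign are available, the function names are hypothetical, and the identity regexp is an anchored variant of the one shown above so that only identities under the carvel-dev organisation match.

```shell
#!/bin/sh
# Added example: verify first, install second.

# Check the signature on a checksums file ($1), expecting $1.pem and $1.sig
# next to it. Same cosign flags as the release notes; the regexp is anchored
# at the start, escapes the dot and ends with "/" so that a look-alike
# organisation name (for example "carvel-dev-something") cannot match.
verify_checksums_signature() {
  cosign verify-blob "$1" \
    --certificate "$1.pem" \
    --signature "$1.sig" \
    --certificate-identity-regexp='^https://github\.com/carvel-dev/' \
    --certificate-oidc-issuer=https://token.actions.githubusercontent.com
}

# Succeed only if the checksums file ($2) lists the file ($1) by name and the
# SHA-256 matches. Returns 2 when the file is not listed, 1 on a mismatch.
verify_listed_checksum() {
  file=$1 sums=$2
  name=$(basename "$file")
  # Entries look like "<sha256>  ./vendir-linux-amd64"; compare exact names.
  expected=$(awk -v n="$name" '{
    f = $2; sub(/^\*/, "", f); sub(/^\.\//, "", f)
    if (f == n) { print $1; exit }
  }' "$sums")
  [ -n "$expected" ] || { echo "$name: not listed in $sums" >&2; return 2; }
  actual=$(sha256sum "$file" | awk '{ print $1 }')
  [ "$actual" = "$expected" ] || { echo "$name: checksum mismatch" >&2; return 1; }
}

# Copy the file ($1) to the destination ($3) with mode 0755, but only after
# it has been checked against the checksums file ($2).
install_verified() {
  verify_listed_checksum "$1" "$2" || return
  install -m 0755 "$1" "$3"
}

# Typical use after downloading the four release files:
#   verify_checksums_signature checksums.txt &&
#     install_verified vendir-linux-amd64 checksums.txt /usr/local/bin/vendir
```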
Changelog
- 064b9c4 Allow additional CA certs to be supplied via vendir YAML when pulling an imgpkg bundle by @100mik
- f6eaffe fix: avoid panic by checking response for nil by @Zebradil
📂 Files Checksum
v0.41.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/vendir-linux-amd64
# Move the binary into your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Fixing CVE by @rohitagg2020 in #394
Full Changelog: v0.41.0...v0.41.1
📂 Files Checksum
v0.41.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/vendir-linux-amd64
# Move the binary into your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Bumping dependencies in #390 by @rohitagg2020
- Add cache for mercurial repositories in #372 by @cdevienne
- Add cache for git repositories in #380 by @cdevienne
Full Changelog: v0.40.1...v0.41.0
📂 Files Checksum
v0.40.3
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.3/vendir-linux-amd64
# Move the binary into your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.3/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.3/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.3/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Docker version bump to fix CVE-2024-41110 by @devanshuVmware in #396
Full Changelog: v0.40.2...v0.40.3
📂 Files Checksum
v0.40.2
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/vendir-linux-amd64
# Move the binary into your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Bumping golang to 1.22.4 in #386 by @rohitagg2020
Full Changelog: v0.40.0...v0.40.1
📂 Files Checksum
v0.34.13
✨ What's new
- Bump vendir in line 34.x by @rohitagg2020 in #383
Full Changelog: v0.34.12...v0.34.13
📂 Files Checksum
v0.40.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.1/vendir-linux-amd64
# Move the binary into your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.1/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- fix: close tmp file before rename by @meier-christoph in #360
- Make version more flexible to allow vendir to be used as a library by @joaopapereira in #365
- Update copyright headers by @prashantrewar in #369
- Use latest github.com/carvel-dev/semver by @mamachanko in #373
- Bump go version 1.22.2 and imgpkg v0.42.0 by @rcmadhankumar in #378
🔈 Callouts
- @prashantrewar made their first contribution in #369
- @grokspawn made their first contribution in #370
- @mamachanko made their first contribution in #373
Full Changelog: v0.40.0...v0.40.1
📂 Files Checksum
v0.35.5
✨ What's new
- Fixing CVE by @rohitagg2020 in #398
Full Changelog: v0.35.4...v0.35.5
📂 Files Checksum
v0.40.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.0/vendir-linux-amd64
# Move the binary into your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.0/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Fix codegeneration
- Force usage of Basic Auth when retrieving repositories from git when a flag is configured #361
- Enforce timeout when retrieving tags from a registry #329
- Normalize paths provided in the configuration file #341
- Do not allow overlapping paths #343
New Contributors
- @alexbarbato made their first contribution in #344
Full Changelog: v0.39.0...v0.40.0
📂 Files Checksum
v0.39.2
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.39.2/vendir-linux-amd64
# Move the binary into your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.39.2/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.39.2/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.39.2/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Bump golang minor version to 1.22 by @devanshuVmware in #397
Full Changelog: v0.39.1...v0.39.2
📂 Files Checksum