v0.6.2
Changelog
Bug fixes
- 407c4ec: fix(ssh): add authentication middleware (@aymanbagabas)
Dependency updates
- d6b6f7c: feat(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.6 to 2.0.7 (#392) (@dependabot[bot])
- 53832a9: feat(deps): bump github.com/prometheus/client_golang (@dependabot[bot])
- 6f0a418: feat(deps): bump modernc.org/sqlite from 1.25.0 to 1.26.0 (#391) (@dependabot[bot])
Verifying the artifacts
First, download the checksums.txt
file, for example, with wget
:
wget 'https://github.com/charmbracelet/soft-serve/releases/download/v0.6.2/checksums.txt'
Then, verify it using cosign
:
cosign verify-blob \
--certificate-identity 'https://github.com/charmbracelet/meta/.github/workflows/goreleaser.yml@refs/heads/main' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--cert 'https://github.com/charmbracelet/soft-serve/releases/download/v0.6.2/checksums.txt.pem' \
--signature 'https://github.com/charmbracelet/soft-serve/releases/download/v0.6.2/checksums.txt.sig' \
./checksums.txt
If the output is Verified OK
, you can safely use it to verify the checksums of other artifacts you downloaded from the release using sha256sum
:
sha256sum --ignore-missing -c checksums.txt
Done! You artifacts are now verified!
Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.