github-actions
released this
03 Sep 10:25
·
15 commits
to develop
since this release
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/kapp/releases/download/v0.63.3/kapp-linux-amd64
# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kapp
# Make the binary executable
chmod +x /usr/local/bin/kapp
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install kapp
$ kapp version
Verify checksums file signature
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kapp/releases/download/v0.63.3/checksums.txt
curl -LO https://github.com/carvel-dev/kapp/releases/download/v0.63.3/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kapp/releases/download/v0.63.3/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Fixing CVE by @rohitagg2020 in #1010
Full Changelog: v0.63.2...v0.63.3
📂 Files Checksum
0007ec49c089f332b8c3a5dcdf5c0587e63afe1609857e28ea961cea8533e6e7 ./kapp-darwin-arm64
04accaa9a8d8a8fda12a47a3f22d5f16a1738b3088c1467af03c082aee7979f5 ./kapp-windows-amd64.exe
33702a40b6032ada742d73c59afeb393d0830a1913e3a599ca995eba3e68a57e ./kapp-linux-amd64
46b9961d8998c4a797ea3d648b83cf18be616945b48119d0b1e7a66813dc3658 ./kapp-darwin-amd64
dbdfa194067c420b5e5ed36cb99f008c9a2dec05f5aeebe770b854898d3de2c4 ./kapp-linux-arm64