Skip to content

Releases: carvel-dev/kbld

v0.49.1

Choose a tag to compare

@github-actions github-actions released this 17 Jun 10:45

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.49.1/kbld-linux-amd64

# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld

# Make the binary executable
chmod +x /usr/local/bin/kbld

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version  

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.49.1/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.49.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.49.1/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

  • d633d6d Replace SHA1 usage with SHA256 for enhanced security

First Contribution

Full Changelog: v0.49.0...v0.49.1

📂 Files Checksum

b3f5277ff4819de189d1ebd6e455b3390308ca43b122b5bb3c40a7bb9e6f30c4  ./kbld-linux-arm64
d6c6dd4af41bea5cb3c8914e9b43536fc3c606592ddaaa98dda08b8517400969  ./kbld-darwin-amd64
1543d1352e90105a6206ccbf86b673aaf8c0d5d3637d2dc6f1079fcdece403a9  ./kbld-windows-arm64.exe
02462103319ce9c472bb30501d59fa199dc52d3521158368c2c90a7109d8646b ./kbld-windows-amd64.exe
437d38d3e59d01dd0d1ad75b4eb67fbd04fe51ed3de1ed55c3f7b3b7d5ec7546  ./kbld-linux-amd64
8b7c93828b96065d7fcdb51989e59462af443f59c8a88beeb421c5f5ff0ef65e  ./kbld-darwin-arm64

v0.49.0

Choose a tag to compare

@github-actions github-actions released this 11 Jun 21:55
ea02eee

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.49.0/kbld-linux-amd64

# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld

# Make the binary executable
chmod +x /usr/local/bin/kbld

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version  

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.49.0/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.49.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.49.0/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

First Contribution

Full Changelog: v0.48.1...v0.49.0

📂 Files Checksum

5ac217660fa3418686c55d57fe1b8106d5102f95c87ac10396c927f822dc304c  ./kbld-linux-arm64
c60055a764d6da6f18369d80d601483ee429dab2dd44501a87ebad60326c25c2  ./kbld-darwin-amd64
de3fa737cd05e09d2547361b018edeaffd25cefb0857e931332528e47c252bc6  ./kbld-windows-arm64.exe
eb0d5157f05a597e086e97055afd2100e40792915c9fbc40f7504be35e11759a  ./kbld-windows-amd64.exe
f9ec8530fb677a37d9e9dd7c95fabaa2c857b2c46f21cdfdcec3a665a1236b6d  ./kbld-linux-amd64
fa66c519ce4dc44dc10e778def90d90efc556f1676610be1a71923394e13bba1  ./kbld-darwin-arm64

v0.48.1

Choose a tag to compare

@github-actions github-actions released this 01 Jun 11:42
41906d9

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.48.1/kbld-linux-amd64

# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld

# Make the binary executable
chmod +x /usr/local/bin/kbld

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version  

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.48.1/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.48.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.48.1/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

  • chore(deps): upgrade Go to 1.26.3 and bump imgpkg, vendir, pflag, and x/mod by @sameerforge in #595

Full Changelog: v0.48.0...v0.48.1

📂 Files Checksum

3f069897f433455aaaf4a918a9a4a0faea0663b43f4e68574328a651a19b9815  ./kbld-windows-arm64.exe
9e417cb47dbf484cbf2a9f10b6a43186d2dded3597102de3f47f1d2989669884  ./kbld-linux-amd64
fc0909f8a77f737cc075fc2e9dbf70408e00e933015863569dbd17a020e6fc06  ./kbld-darwin-amd64
27cc0137f0b7c71e0ebe924ace785b6e25b27c809c7db8d39f880c1864c191cc ./kbld-linux-arm64
bb17aa8eea874485805ab475b7399050443a211ca6568b2112e435509f7fcd32  ./kbld-windows-amd64.exe
a9ed7e4fbce8fa714357458d29cea0664a00d403415f47e700fbc3b7d951f561  ./kbld-darwin-arm64

v0.48.0

Choose a tag to compare

@github-actions github-actions released this 15 May 05:34
17b1c6a

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.48.0/kbld-linux-amd64

# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld

# Make the binary executable
chmod +x /usr/local/bin/kbld

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version  

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.48.0/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.48.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.48.0/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

  • 25d7e9b Update Dockerfile to consume ytt v0.55.0 & kapp v0.65.2
  • cd55f00 Update imgpkg to v0.48.0
  • cfa113a build(deps): update cobra to v1.10.2
  • dc480ed chore(deps): bump k8s.io/apimachinery to v0.36.0
  • f6e507f ci: upgrade golangci-lint to v2.12.2 & Go to 1.26

Full Changelog: v0.47.3...v0.48.0

📂 Files Checksum

a7393b5dab9782218d578e4779e8c1a011418f19601fb66dcf881a3fcfe93bcf  ./kbld-windows-arm64.exe
52521ed5eebdddc2e7c7dc04da775270677a450f958198d0c26b3cb011f58a29  ./kbld-linux-amd64
950ecd6562fe99df46dd34f7b32706ef2583a428fb4f1c7563f29bd97b5082f2  ./kbld-darwin-amd64
8f94aecad48df7ee99fa347eb24efad71ae0fb6ae3be03677a3c7d1ead359f1d  ./kbld-linux-arm64
7320a9e3c04b0dd32c56c14c6710b8c5fe7d65f320d01d832874f42e3c0a7bfe  ./kbld-windows-amd64.exe
2360e61e8a96215ec4d5b0ee7620b2942e17a157caadd086a540c57552ac6a48  ./kbld-darwin-arm64

v0.47.3

Choose a tag to compare

@github-actions github-actions released this 17 Apr 05:49
c035e82

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.47.3/kbld-linux-amd64

# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld

# Make the binary executable
chmod +x /usr/local/bin/kbld

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version  

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.47.3/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.47.3/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.47.3/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

Full Changelog: v0.47.2...v0.47.3

📂 Files Checksum

974c4d63675e1d57f58fdbd89e838e12e04833389a7d3cce97a30c4cad14024f  ./kbld-windows-arm64.exe
26be68f9ec354a2753f102707f4389e28111d36c2a318b72cd1bcff719fabb6c  ./kbld-linux-amd64
224eae07777ac6180a9911fa5be1d1e5fb2f1d053faa39b55c8e79092bde3795  ./kbld-darwin-amd64
e985d62a8539ca2386c0e3db0e2c357adf55a4fdd0fa0e4ad7ab48a852c11ab1  ./kbld-linux-arm64
13b372e68e3c57b4af110230f62ca2f80561741e31a8c67d1b848932d6fa32bd  ./kbld-windows-amd64.exe
c856f5ccfbc362e96bf3fcffc2e2070f74aef067479981a40aeffd4924506702  ./kbld-darwin-arm64

v0.47.2

Choose a tag to compare

@github-actions github-actions released this 04 Mar 10:36
db19480

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.47.2/kbld-linux-amd64

# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld

# Make the binary executable
chmod +x /usr/local/bin/kbld

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version  

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.47.2/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.47.2/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.47.2/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

  • Bump golang to 1.25.7 and update imgpkg to v0.47.2 and vendir to v0.45.2

Full Changelog: v0.47.1...v0.47.2

📂 Files Checksum

33a7e80404da43b1fd5912ff775f8dca7ef34120b177bc94737557a55985b5f4  ./kbld-windows-arm64.exe
4f220f904da398e7e8741d81995d9c96ff5f1e9b0578fa157fc5cc16730844a6  ./kbld-linux-amd64
928d0297cfcd1bcba15d17cac1576d9c2e4b33c9fe32f4c1966a5609c1bdfa29  ./kbld-darwin-amd64
a13bfe9ec7464c24dc18fcb2f192b383b7f26cdd1fa8d891de9699b04a86c4d7  ./kbld-linux-arm64
c3cf49fe1d92b4a76624b3ba2235fee176f4f5ffbfc07ae7fbcbb94471046c0c  ./kbld-windows-amd64.exe
da43fb9c6f9298f52b1c4a6d6a95047b81307f41a09a6918db8c10ae9448287b  ./kbld-darwin-arm64

v0.47.1

Choose a tag to compare

@github-actions github-actions released this 05 Feb 06:54
f5157e4

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.47.1/kbld-linux-amd64

# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld

# Make the binary executable
chmod +x /usr/local/bin/kbld

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version  

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.47.1/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.47.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.47.1/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

Full Changelog: v0.47.0...v0.47.1

📂 Files Checksum

0950151615895b6a699085ba216a321aec35e4808672277281b94fc58cc0686b  ./kbld-linux-amd64
136d66d0e2ea52ce90ed1c8609493b74df2be2fe240a151730d9dfb933b563af  ./kbld-windows-arm64.exe
4b649e508d8f5a0d29b15bacf4b70dd43055c284a122fa089524d216c85e9e62  ./kbld-linux-arm64
826d0f290c5fe2deb041840c506db75126b526ab7c76d38ed3c200300761be1e  ./kbld-darwin-arm64
d9663874178bd16b1bb65606dfeac482768cd0b6977008aa0a7a0743a65287a5  ./kbld-windows-amd64.exe
ed2ebfdd86ca3972c4966dca73e731b21571a7d9a35dd68cc7bfd9149c946b9c  ./kbld-darwin-amd64

v0.47.0

Choose a tag to compare

@github-actions github-actions released this 20 Nov 16:01
c3398ba

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.47.0/kbld-linux-amd64

# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld

# Make the binary executable
chmod +x /usr/local/bin/kbld

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version  

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.47.0/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.47.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.47.0/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

✨ What's new

New Contributors

@CodesbyUnnati made their first contribution in #567

Full Changelog: v0.46.0...v0.47.0

📂 Files Checksum

22d0ba350d8ae760dda1162893559c53065bdfb11648855ffcb7b53183a4e717  ./kbld-linux-arm64
529cb544dae41e59f75f1d5fc292865ec22e191be590058272bda63a0eb57302  ./kbld-darwin-amd64
59b2e9ee3bc9b18f3923d379f2205ab0873899c88c503e94bc4037b656adf38f  ./kbld-windows-arm64.exe
5a8f0288f967538ce5b32f3dfecf67e0da59744a6ab48aeeeb86078f37ce24d2  ./kbld-windows-amd64.exe
81616056fa27db02e1b1d530f17ab1137aa6babbed1937f49df933d2e2fd1c33  ./kbld-darwin-arm64
f9cf1d84ed8dd7c19133044e15939e62c9929ecf1115edeb7275f45b99e2d1ac  ./kbld-linux-amd64

v0.46.0

Choose a tag to compare

@github-actions github-actions released this 15 May 18:06
f3e483f

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.46.0/kbld-linux-amd64

# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld

# Make the binary executable
chmod +x /usr/local/bin/kbld

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version  

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.46.0/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.46.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.46.0/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

✨ What's new

  • Bump golang, imgpkgs and vendir versions by @devanshuVmware in #545
  • fixing golang.org/x/net cve bump v0.30.0 to v0.33.0 by @mohitsharma-in in #524

Full Changelog: v0.45.0...v0.46.0

📂 Files Checksum

41562def3db908f903a27b0a4f5e781bf875c2c26297d6d13fcf94c717057143  ./kbld-windows-amd64.exe
6d059595ab02ec45c4ebb189eaef5c680271a6f32b62b14f8d0c094e6512e39b  ./kbld-darwin-arm64
7b758d93d7d63492d55169a721388de2fae2c481be2111cc66d4352c784cc457  ./kbld-darwin-amd64
90e8d123d5e33ab13b849997bdb05626fa7f2384120d87a29eebd56490105ca9  ./kbld-linux-amd64
bb2422ca7b9b169ef17dfa6fd7d51b0caa8634c416ba57bae55458e3b5427934  ./kbld-windows-arm64.exe
f0202ff24fda501ead70f4b83f24d0e078bb45b52e8ce7217f0b78a6bfedebc3  ./kbld-linux-arm64

v0.45.2

Choose a tag to compare

@github-actions github-actions released this 22 Apr 10:47
bb69d68

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.45.2/kbld-linux-amd64

# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld

# Make the binary executable
chmod +x /usr/local/bin/kbld

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version  

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.45.2/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.45.2/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.45.2/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

✨ What's new

  • Bump imgpkg and vendir to latest patch versions by @devanshuVmware in #538

Full Changelog: v0.45.1...v0.45.2

📂 Files Checksum

22f0cef344cf2678e00dd404e864b58883861e855985c16c591f550df5b1e26c  ./kbld-windows-amd64.exe
5beb63063cc5d4c7de507370e780cf342926cc6e0e343869b01d794fce7f3f99  ./kbld-linux-amd64
89c6dad3b8c867e038cddd858a174df9ca17d1696fc0bb3a8c59462664fd9c2b  ./kbld-windows-arm64.exe
bb5cf82b3a64fc3e100c04a45db4052eaeca62247af8cc98d473d833b2ebe4e1  ./kbld-darwin-arm64
c37f9b6c2f67066a33d1232580dddb5d36cdd8b244c1bc156bc668df1e8d2099  ./kbld-linux-arm64
e8bfb2bfef8f78d96d499774133ae865f2859aba48e186b825c07f99f4581e5d  ./kbld-darwin-amd64