Test release using the new release process. Code is functionally identical to v0.9.6.
Verify a binary
```bash
# Set the release version and your target architecture
# Architecture options: darwin_arm64, linux_arm64, linux_x86-64
export REPO=Commit-Boost/commit-boost-client
export VERSION=vX.Y.Z
export ARCH=linux_x86-64
export BIN=commit-boost-pbs

# Download the binary tarball and its signature bundle
curl -L \
  -o "$BIN-$VERSION-$ARCH.tar.gz" \
  "https://github.com/$REPO/releases/download/$VERSION/$BIN-$VERSION-$ARCH.tar.gz"
curl -L \
  -o "$BIN-$VERSION-$ARCH.tar.gz.sigstore.json" \
  "https://github.com/$REPO/releases/download/$VERSION/$BIN-$VERSION-$ARCH.tar.gz.sigstore.json"

# Verify the binary was signed by the official CI pipeline
cosign verify-blob \
  "$BIN-$VERSION-$ARCH.tar.gz" \
  --bundle "$BIN-$VERSION-$ARCH.tar.gz.sigstore.json" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
  --certificate-identity="https://github.com/$REPO/.github/workflows/release.yml@refs/heads/main"
```

A successful verification prints Verified OK. If the binary was modified after being built by CI, verification will fail.
The .sigstore.json bundle for each binary is attached to the release alongside the tarball itself.
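
For unattended installs, the same check can gate extraction so that an unverified tarball is never unpacked. The following is an added example, not part of the project's release tooling: `verify_release` and its destination argument are hypothetical names, while the cosign flags, file naming and architecture list are the ones given above. It assumes the tarball and bundle have already been downloaded into the current directory.

```bash
#!/usr/bin/env bash
# Added example: fail-closed install gate around the cosign check on this page.
# verify_release and its DEST argument are hypothetical names.

REPO="${REPO:-Commit-Boost/commit-boost-client}"
ISSUER="https://token.actions.githubusercontent.com"

# verify_release BIN VERSION ARCH DEST
# Extracts into DEST and returns 0 only if cosign accepts the bundle.
# Returns 1 on a failed signature, 2 on an unknown arch, 3 on a missing file.
verify_release() {
    local bin="$1"
    local version="$2"
    local arch="$3"
    local dest="$4"
    local tarball="$bin-$version-$arch.tar.gz"
    local bundle="$tarball.sigstore.json"

    # Reject architectures the release does not publish.
    case "$arch" in
        darwin_arm64|linux_arm64|linux_x86-64) ;;
        *) echo "unsupported arch: $arch" >&2; return 2 ;;
    esac

    # Fail closed if either file is missing or empty: no bundle, no install.
    [ -s "$tarball" ] || { echo "missing $tarball" >&2; return 3; }
    [ -s "$bundle" ]  || { echo "missing $bundle" >&2; return 3; }

    # Trust cosign's exit status rather than matching its printed text.
    if ! cosign verify-blob "$tarball" \
            --bundle "$bundle" \
            --certificate-oidc-issuer="$ISSUER" \
            --certificate-identity="https://github.com/$REPO/.github/workflows/release.yml@refs/heads/main"
    then
        echo "signature verification FAILED for $tarball; not extracting" >&2
        return 1
    fi

    # Only a verified tarball is unpacked.
    mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest"
}
```

Call it as `verify_release "$BIN" "$VERSION" "$ARCH" ./install` after the two `curl` downloads, and treat any non-zero return as a reason to stop the install.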