Pull Requests | Issues | v2.30.0...v2.31.0
Overview
Featuers
#2978 #2994 Support verifying packages with minisign
#3052 Support passing variables
Fixes
#3012 Fix typo temporal
. Replace them with temporary
#3017 #3024 Stop using replace
directive
Others
Update Go 1.22.5 to 1.22.6
Feature - Support verifying packages with minisign
Support verifying packages with minisign.
Why is the feature needed?
To install some packages securely.
For example, zig is signed by minisign.
Example Code
This feature is similar to Cosign and slsa-verifier.
https://aquaproj.github.io/docs/reference/registry-config/cosign/
This feature depends on minisign.
So aqua should install minisign transparently same as Cosign and slsa-verifier.
registry.yaml
minisign:
enabled: true
public_key: "RWSGOq2NVecA2UPNdBUZykf1CCb147pkmdtYxgb3Ti+JO/wCYvhbAb/U"
# public_key_url: https://example/signature.pub
Feature - Support passing variables
Add the optional field vars
in aqua.yaml and Registry.
vars
in Registry
e.g.
packages:
- type: github_release
repo_owner: indygreg
repo_name: python-build-standalone
asset: cpython-{{.Vars.python_version}}+{{.Version}}-{{.Arch}}-{{.OS}}-install_only.{{.Format}} # .Vars.python_version
vars:
- name: python_version
required: true
# ...
vars
is a list of variables.
Fields of a variable
- name: string (Required): A variable name
- required: boolean (Optional): If true, the variable is required. To use the package, users need to set the variable in aqua.yaml
- default: any (Optional): The default value of the variable
Variables are passed to template strings as .Vars.<template name>
.
e.g.
asset: cpython-{{.Vars.python_version}}+{{.Version}}-{{.Arch}}-{{.OS}}-install_only.{{.Format}}
vars
in aqua.yaml
e.g.
packages:
- name: indygreg/python-build-standalone@20240726
vars:
python_version: 3.11.9
vars
is a map of variables.
The key is a variable name and the value is a variable value.