github charmbracelet/crush nightly
on GitHub

pre-release7 hours ago
Verifying the artifacts

First, download the checksums.txt file and the checksums.txt.sigstore.json file files, for example, with wget: 

wget 'https://github.com/charmbracelet/crush/releases/download//checksums.txt'
wget 'https://github.com/charmbracelet/crush/releases/download//checksums.txt.sigstore.json'

Then, verify it using cosign: 

cosign verify-blob \
  --certificate-identity 'https://github.com/charmbracelet/meta/.github/workflows/goreleaser.yml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --bundle 'checksums.txt.sigstore.json' \
  ./checksums.txt

If the output is Verified OK, you can safely use it to verify the checksums of other artifacts you downloaded from the release using sha256sum: 

sha256sum --ignore-missing -c checksums.txt

Done! You artifacts are now verified!

The Charm logo

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Check out latest releases or
releases around charmbracelet/crush nightly

Don't miss a new crush release

NewReleases is sending notifications on new releases.

Get notifications