v0.5.1

github-actions released this 09 Jun 14:05

· 40 commits to main since this release

c9bd6a8

no changes

🔐 Verifying the artifacts

All release artifacts (executables and packages for every OS) are included in the signed checksums.txt file.

How to verify:

Download checksums.txt, checksums.txt.sig, and checksums.txt.pem from the release.
Run this command:

cosign verify-blob \
  --cert checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity "https://github.com/CPToolset/xcsp-launcher/.github/workflows/release.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  checksums.txt

If the output is Verified OK, you can then validate the integrity of the downloaded files:

sha256sum --ignore-missing -c checksums.txt

Assets 14