Releases: carvel-dev/vendir
v0.43.2
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.43.2/vendir-linux-amd64
# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendirVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.43.2/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.43.2/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.43.2/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing✨ What's new
- Bump imgpkg version to 0.44.2 by @devanshuVmware in #415
Full Changelog: v0.43.1...v0.43.2
📂 Files Checksum
172e51a712dd38adecc1c2edaea505ed63079bb6a42f8d613a8da22476f61cf1 ./vendir-linux-amd64
284f06fe3fbb5d127a40962a9b75b2142636e4d8f767deaf7b470abca9775633 ./vendir-windows-amd64.exe
29cb3224debc23f1aaab46bb8f26bf0d094bdb8a557fdb6e4e04465077762e25 ./vendir-linux-arm64
6b53bf9d0f85daa7b2a1e7705d8fe74d62df624ac093cf7161bd9e77988b4963 ./vendir-darwin-amd64
d3f327c8fde2513742cbcb1ffe093c26aff7a87333a38be65b2f15f7e1945bc7 ./vendir-darwin-arm64
Contributors
Assets 10
v0.43.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.43.1/vendir-linux-amd64
# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendirVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.43.1/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.43.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.43.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing✨ What's new
- Fix CVEs & linter issues by @devanshuVmware in #412
Full Changelog: v0.43.0...v0.43.1
📂 Files Checksum
34c1638e57d577f437fd55c206857422f8c52427f55352722161eb1d29fbcb6e ./vendir-darwin-amd64
540d146faad93e1ba8962bb2367b6ad64ab504750ec7efd8a1a558fca4c7f392 ./vendir-linux-amd64
89584179518d8810dd305607798d9c20fd3d97a9153735991f942a15d9f31d33 ./vendir-linux-arm64
cd7b01f90e2c9f195c628509ae59b0367da5e9c1cdeee1d3cfcbd73e933c224c ./vendir-windows-amd64.exe
f4149b425cfb86b2e1e9130ffc15415d1d89dd19b01301e1143cab55f2c162ff ./vendir-darwin-arm64
Contributors
Assets 10
v0.43.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.43.0/vendir-linux-amd64
# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendirVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.43.0/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.43.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.43.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing✨ What's new
- Bump golang version to 1.23 by @devanshuVmware in #404
Full Changelog: v0.42.0...v0.43.0
📂 Files Checksum
0895efdc3fe36f37035ce96169e8cc335a103adcfe02092fcc29f514be8867e7 ./vendir-linux-arm64
3d31f00efc0a11a8dfcf662d45a120d18f99105d1502bbfe12a6cbd9d0b1f570 ./vendir-linux-amd64
693d956011994b5be2491f7534faae1cb0a07cfed911cf5b9e0f3da65db36707 ./vendir-darwin-amd64
6aa8183d0ba729e5f4132fbb11e63ba08f5cfbd4e3c3b299bdb142d61145ca1c ./vendir-windows-amd64.exe
ffa520a0604cb2831937c232bd89bd4e27afc12f16459f35e6f92cb69bd08d5a ./vendir-darwin-arm64
Contributors
Assets 10
v0.42.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.42.0/vendir-linux-amd64
# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendirVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.42.0/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.42.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.42.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missingChangelog
- 064b9c4 Allow additional CA certs to be supplied via vendir YAML when pulling an imgpkg bundle by @100mik
- f6eaffe fix: avoid panic by checking response for nil by @Zebradil
📂 Files Checksum
40afd08db3b1ee96350f1ab09bd9208aa7edec458c4b5f167eb71ac076576571 ./vendir-linux-amd64
683ad9c8174f9f81dc17b2fd81f79a7f83a40a942201ae15a50d97a586fb16be ./vendir-windows-amd64.exe
a47b6aab79f4fdd66136e8a8434b6d8c8fc16ad4c38c60fcc5e95475fd333e24 ./vendir-darwin-arm64
df7487c414da4425aa682271f236ae2912c828eb8b1aaebbb2f1af010ef5b289 ./vendir-darwin-amd64
fd631a32207efd79d84911186c50d80cbd136a4cddb5dffa3f11c3f7689c6ff0 ./vendir-linux-arm64
Contributors
Assets 10
v0.41.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/vendir-linux-amd64
# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendirVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing✨ What's new
- Fixing CVE by @rohitagg2020 in #394
Full Changelog: v0.41.0...v0.41.1
📂 Files Checksum
58facd06bae6ffc858b348da9dcc0b032d030a6a31767fea6f9166658d7a61e2 ./vendir-linux-arm64
67411476ecc322c4b32619b168bf5a7fafc86daa764251be1613bec22c1c1003 ./vendir-windows-amd64.exe
993ae33df2e722c327aff4807eeba0e08b0c9f3bd996e67caa89c503c6a8bcda ./vendir-darwin-arm64
ad63b667c7756cac7804e080861b3e794fbfc83ba662f5461928c30fe890a828 ./vendir-darwin-amd64
f878f3e16b702c47e42b2215a670d65028bc0158643ed28a2dfaa6f37b1344ac ./vendir-linux-amd64
Contributors
Assets 10
v0.41.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/vendir-linux-amd64
# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendirVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing✨ What's new
- Bumping dependencies in #390 by @rohitagg2020
- Add cache for mercurial repositories in #372 by @cdevienne
- Add cache for git repositories in #380 by @cdevienne
Full Changelog: v0.40.1...v0.41.0
📂 Files Checksum
295714208c95c4a3602fc2308d098a7540a2b71fdc1e104f95b3816fa073852c ./vendir-darwin-amd64
3b1094bf45a9ff5c2915a986f4d7cee8480c3cab31c060445f851c48f397ee31 ./vendir-linux-amd64
555806ae50e2f8cb0f0034263ae2e29ece13a3ad2ee691d13536c33ea4728c2e ./vendir-windows-amd64.exe
f1456d6cbf11299eece2e87563caabe24309302c327c5e42a357ebeaba057a05 ./vendir-linux-arm64
f9df00c3d35cf9d15767ea9b18a668ee9627eebefe0b6d4e1e4b648d5c992ceb ./vendir-darwin-arm64
Contributors
Assets 10
v0.40.3
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.3/vendir-linux-amd64
# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendirVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.3/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.3/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.3/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing✨ What's new
- Docker version bump to fix CVE-2024-41110 by @devanshuVmware in #396
Full Changelog: v0.40.2...v0.40.3
📂 Files Checksum
287b5fba2bd6079e5dc52f4da29e16a851fe4ae1d625019b00f9ca8c8da776ed ./vendir-linux-amd64
83a734a6b8989319da6f0ad2669e75fb9b313df761852693f45e90b11828c29e ./vendir-darwin-arm64
8bce41331a903a681040b1e09993155cb902ff90e31e3c77e9dba18118ccc4b2 ./vendir-linux-arm64
b450bf1bdbb080569e00779e99cde05e8c02547cd432b84837f00f4884457850 ./vendir-darwin-amd64
dc7c64eb65b040fa2f42943ef1dade27d4909f74ae03182dc8e2f79daf4d134f ./vendir-windows-amd64.exe
Contributors
Assets 10
v0.40.2
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/vendir-linux-amd64
# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendirVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing✨ What's new
- Bumping golang to 1.22.4 in #386 by @rohitagg2020
Full Changelog: v0.40.0...v0.40.1
📂 Files Checksum
59eba74240e96d96fae62c2cd2fdd2606dde9217fb1cd4c04a5a074a9afcb59e ./vendir-linux-amd64
744a181e17cfe92decc1f7952d34d7188359f40d23a15504473087a89a4b9cd2 ./vendir-darwin-amd64
7fcc16616fe2b5f4ab4526d201713cdc365f3b2eca389d55c6f3d00e39f7a03e ./vendir-windows-amd64.exe
c4068b8d46fe740f356685d3294043d3b1358d925e3d85e6b5294d5c7e43099a ./vendir-linux-arm64
c6ad5ec731e5c6e46e37cfed28b7e0596178683bf0bd34556eceac925188dd30 ./vendir-darwin-arm64
Contributors
Assets 10
v0.34.13
✨ What's new
- Bump vendir in line 34.x by @rohitagg2020 in #383
Full Changelog: v0.34.12...v0.34.13
📂 Files Checksum
30b070d05f9fb6f5db47efa243f7513e198381be86f7c90bf07eb9c9e3cb8162 ./vendir-darwin-arm64
31a45fd3c9549ff70f6f07db63f5e1446440b92560b152e280aa65d769ee84a1 ./vendir-darwin-amd64
5a2fbd3aa40337e42934994db75ca28ec6e3473b7eb12baffb7d0356b47b14b7 ./vendir-windows-amd64.exe
b3bcadb604fe25a7d0012b66f68f7741fd96a623123b54cafd96f996abf61dfa ./vendir-linux-arm64
c0b163ab7bb809241feaeb70f0e8c7c65008d5feb715e2152218fe2784e7f65c ./vendir-linux-amd64
Contributors
Assets 8
v0.40.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.1/vendir-linux-amd64
# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
# Make the binary executable
chmod +x /usr/local/bin/vendirVia Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.1/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing✨ What's new
- fix: close tmp file before rename by @meier-christoph in #360
- Make version more flexible to allow vendir to be used as a library by @joaopapereira in #365
- Update copyright headers by @prashantrewar in #369
- Use latest github.com/carvel-dev/semver by @mamachanko in #373
- Bump go version 1.22.2 and imgpkg v0.42.0 by @rcmadhankumar in #378
🔈 Callouts
- @prashantrewar made their first contribution in #369
- @grokspawn made their first contribution in #370
- @mamachanko made their first contribution in #373
Full Changelog: v0.40.0...v0.40.1
📂 Files Checksum
3941cf7b7ba1219d574b93ce1bd8b77928ad9ff9cdf8e2debf3ae11ae695792f ./vendir-darwin-amd64
34974c9a6a6e32eb21adac47ce72df6340d36886b5ebe8b5937444a0d7ecc529 ./vendir-darwin-arm64
d7c602d8882085be78cd02a575a6c3b437bb2fa1ff1067712f593d8cf05c94fa ./vendir-linux-amd64
43e98922103ef30995a11bd4491b138b635c9b7bf17f98475fb5a06c87392e1d ./vendir-linux-arm64
7d240b999712e617021e057afeabf2803a89ab93ca91f44a58e063fa74d7eee3 ./vendir-windows-amd64.exe
