chore: Update doc and digests for v2.5.1#748
Merged
laurentsimon merged 2 commits intoslsa-framework:mainfrom Mar 26, 2024
Merged
chore: Update doc and digests for v2.5.1#748laurentsimon merged 2 commits intoslsa-framework:mainfrom
laurentsimon merged 2 commits intoslsa-framework:mainfrom
Conversation
Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: laurentsimon <laurentsimon@google.com>
laurentsimon
commented
Mar 25, 2024
| @@ -1,3 +1,13 @@ | |||
| ### [v2.5.1](https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.5.1) | |||
|
|
|||
| 6246ff80cbd3d272bf843d72d1562cafb7c59b45b5b555fbee92df90547b4256 slsa-verifier-darwin-amd64 | |||
Contributor
Author
There was a problem hiding this comment.
those are the hashes to verify
kpk47
approved these changes
Mar 25, 2024
Contributor
kpk47
left a comment
There was a problem hiding this comment.
I checked the digests. Everything looks good.
ramonpetgrave64
pushed a commit
to ramonpetgrave64/slsa-verifier
that referenced
this pull request
Apr 10, 2024
This sets the expected sha256 of the v2.5.1 slsa-verifier released binary. How to LGTM this PR (I'll work on a proper doc for this in slsa-framework/slsa-github-generator#112): 1. Download the binary and provenance from https://github.com/slsa-framework/slsa-verifier/releases/tag/v0.0.1 2. Clone the slsa-verifier repo, compile and verify the provenance using the steps described in https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#verify-provenance ``` $ git clone git@github.com:slsa-framework/slsa-verifier.git $ cd slsa-verifier $ bash verify-release.sh v2.5.1 ``` The output hash should be the hash I'm updating to in this PR. If they match, LGTM. If they don't, someone tampered with the released binary and don't LGTM --------- Signed-off-by: laurentsimon <laurentsimon@google.com> Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This sets the expected sha256 of the v2.5.1 slsa-verifier released binary.
How to LGTM this PR (I'll work on a proper doc for this in slsa-framework/slsa-github-generator#112):
The output hash should be the hash I'm updating to in this PR. If they match, LGTM. If they don't, someone tampered with the released binary and don't LGTM