We sign our binary using cosign and the verification instructions are not documented anywhere. This issue tracks documenting instructions to verify the binary that binary.
Below are the instructions to verify the binary using cosign for v1.1.o
release of karmor.
$ curl -LO https://github.com/kubearmor/kubearmor-client/releases/download/v1.1.0/karmor_1.1.0_linux_amd64.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0
100 21.7M 100 21.7M 0 0 956k 0 0:00:23 0:00:23 --:--:-- 1245k
$ curl -LO https://github.com/kubearmor/kubearmor-client/releases/download/v1.1.0/karmor_1.1.0_linux_amd64.tar.gz.cert
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0
100 3264 100 3264 0 0 617 0 0:00:05 0:00:05 --:--:-- 2710
$ curl -LO https://github.com/kubearmor/kubearmor-client/releases/download/v1.1.0/karmor_1.1.0_linux_amd64.tar.gz.sig
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 96 100 96 0 0 34 0 0:00:02 0:00:02 --:--:-- 151
$ cosign verify-blob karmor_1.1.0_linux_amd64.tar.gz --certificate-identity=https://github.com/kubearmor/kubearmor-client/.github/workflows/release.yml@refs/tags/v1.1.0 --certificate-oidc-issuer=https://token.actions.githubusercontent.com --signature karmor_1.1.0_linux_amd64.tar.gz.sig --certificate karmor_1.1.0_linux_amd64.tar.gz.cert
Verified OK
We sign our binary using cosign and the verification instructions are not documented anywhere. This issue tracks documenting instructions to verify the binary that binary.
Below are the instructions to verify the binary using cosign for
v1.1.o
release of karmor.