##### Installation
##### By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
```shell
##### Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/vendir-linux-amd64
##### Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir
##### Make the binary executable
chmod +x /usr/local/bin/vendir
```
##### Via Homebrew (macOS or Linux)
```shell
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
```
##### Verify checksums file signature
Install cosign on your system https://docs.sigstore.dev/system_config/installation/
The checksums file provided within the artifacts attached to this release is signed using [Cosign](https://docs.sigstore.dev/cosign/overview/) with GitHub OIDC. To validate the signature of this file, run the following commands:
```shell
##### Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt.sig
##### Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
```
##### Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
```shell
##### Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
```
##### :sparkles: What's new
* Bumping dependencies in #390 by @rohitagg2020
* Add cache for mercurial repositories in #372 by @cdevienne
* Add cache for git repositories in #380 by @cdevienne
**Full Changelog**: https://github.com/carvel-dev/vendir/compare/v0.40.1...v0.41.0
##### :open_file_folder: Files Checksum
295714208c95c4a3602fc2308d098a7540a2b71fdc1e104f95b3816fa073852c ./vendir-darwin-amd64
3b1094bf45a9ff5c2915a986f4d7cee8480c3cab31c060445f851c48f397ee31 ./vendir-linux-amd64
555806ae50e2f8cb0f0034263ae2e29ece13a3ad2ee691d13536c33ea4728c2e ./vendir-windows-amd64.exe
f1456d6cbf11299eece2e87563caabe24309302c327c5e42a357ebeaba057a05 ./vendir-linux-arm64
f9df00c3d35cf9d15767ea9b18a668ee9627eebefe0b6d4e1e4b648d5c992ceb ./vendir-darwin-arm64
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
v0.40.2->v0.41.0Release Notes
carvel-dev/vendir (carvel-dev/vendir)
### [`v0.41.0`](https://togithub.com/carvel-dev/vendir/releases/tag/v0.41.0) [Compare Source](https://togithub.com/carvel-dev/vendir/compare/v0.40.2...v0.41.0)
##### Installation ##### By downloading binary from the release For instance, if you are using Linux on an AMD64 architecture: ```shell ##### Download the binary curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/vendir-linux-amd64 ##### Move the binary in to your PATH mv vendir-linux-amd64 /usr/local/bin/vendir ##### Make the binary executable chmod +x /usr/local/bin/vendir ``` ##### Via Homebrew (macOS or Linux) ```shell $ brew tap carvel-dev/carvel $ brew install vendir $ vendir version ``` ##### Verify checksums file signature Install cosign on your system https://docs.sigstore.dev/system_config/installation/ The checksums file provided within the artifacts attached to this release is signed using [Cosign](https://docs.sigstore.dev/cosign/overview/) with GitHub OIDC. To validate the signature of this file, run the following commands: ```shell ##### Download the checksums file, certificate and signature curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt.pem curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt.sig ##### Verify the checksums file cosign verify-blob checksums.txt \ --certificate checksums.txt.pem \ --signature checksums.txt.sig \ --certificate-identity-regexp=https://github.com/carvel-dev \ --certificate-oidc-issuer=https://token.actions.githubusercontent.com ``` ##### Verify binary integrity To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature. ```shell ##### Verify the binary using the checksums file sha256sum -c checksums.txt --ignore-missing ```Installation and signature verification
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.