Skip to content

v0.1.0

Pre-release
Pre-release
Compare
Choose a tag to compare
@dlorenc dlorenc released this 20 Mar 00:49
· 2482 commits to main since this release
083406c

There were some ups and downs in today's release, but it's finally time to ride the cosign wave! After battling some last minute test flakes that were popping up at an alarming frequency and running in circles trying to squaring up loose ends, I couldn't find any other tangents to go off on. The first release is here!

My only regret is not thinking to get this release out on Pi day :(

The release is available here in this repo, and on Google Cloud Storage in the bucket cosign-releases. You can find that here:

$ gsutil ls gs://cosign-releases/v0.1.0
gs://cosign-releases/v0.1.0/cosign
gs://cosign-releases/v0.1.0/cosign.sha256
gs://cosign-releases/v0.1.0/cosign.sig

Check out the full CHANGELOG.md for the details, but here are some highlights and lowlights:

Enhancements

This release added a feature to cosign called cosign. The cosign feature can be used to sign container images and blobs.

Bug Fixes

There was no way to sign container images. Now there is!

Known Issues

This release only contains a linux/amd64 binary. You can build and install cosign on other platforms with go install, but the main goal of v0.1.0 is to get a working build we can start packing to make signing releases of other tools easier. We'll add other platforms to the next set of releases!

Contributors

Thanks to everyone who conributed to this release!

  • dlorenc
  • priyawadhwa
  • Ahmet Alp Balkan
  • Ivan Font
  • Jason Hall
  • Chris Norman
  • Jon Johnson
  • Kim Lewandowski
  • Luke Hinds
  • Bob Callaway

Verifying

This release was self-signed! It was built in this Action run: https://github.com/sigstore/cosign/actions/runs/669626925

The public key used to sign this release is located here: https://github.com/sigstore/cosign/blob/083406c6e85284ded34af96048361d1e8c887e50/.github/workflows/cosign.pub

You should be able to verify it with the cosign verify-blob command using this key. Good luck!