Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/grunch/rana/main/keys/negrunch.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-negrunch.sig and manifest.txt are in the current directory) with:
gpg --verify manifest-negrunch.sig manifest.txt
gpg: Firmado el jue 03 ago 2023 15:07:05 -03
gpg: usando RSA clave 1E41631D137BA2ADE55344F73852B843679AD6F0
gpg: Firma correcta de "Francisco Calderón <[email protected]>" [absoluta]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 , compare it with the corresponding one in the manifest file, and ensure they match exactly.
What's Changed
- Duplicated arch removed and musl instead GNU by @DesobedienteTecnologico in #45
- Adding a Dockerfile for giggles and a verbosity flag to print out any non-matching public keys just because it's pretty and slightly fun to watch. by @johnwyles in #47
- chore: removing "$ " prefix by @sigit-io in #48
- Find near matches by @chGoodchild in #50
- feat(cli): add option for no difficulty scaling by @fernandolguevara in #51
New Contributors
- @DesobedienteTecnologico made their first contribution in #45
- @johnwyles made their first contribution in #47
- @sigit-io made their first contribution in #48
- @chGoodchild made their first contribution in #50
- @fernandolguevara made their first contribution in #51
Full Changelog: v0.5.4...v0.5.5
