#label:release v2.7.0
Updates docs to reference the new v2.7.0 release.
**How to verify**
Clone the repo and run the script described in
https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#verify-provenance.
```
git clone git@github.com:slsa-framework/slsa-verifier.git
cd slsa-verifier
chmod +x verify-release.sh
GH_TOKEN=`gh auth token` bash verify-release.sh v2.7.0
```
Using the temp directory logged from the above command
```
cd <logged temp directory from running verify-release.sh>
sha256sum * | grep -v "intoto"
36694b43ab23be234add09272e5faf77349d7e267bf65c01dc9bcdf58c4f496e slsa-verifier-darwin-amd64
84d9122ce12e0c79080844285fd5c4976407ed3463e434a1b21b0979c46b1e55 slsa-verifier-darwin-arm64
499befb675efcca9001afe6e5156891b91e71f9c07ab120a8943979f85cc82e6 slsa-verifier-linux-amd64
dc3845d7605f666a0938389c1c5735230e50b32a547867ffd351fb14df928167 slsa-verifier-linux-arm64
61ff8b1cca6ac0012b0ba906367836f64a389444766be437df2a69f71285f43b slsa-verifier-windows-amd64.exe
ddf58798049599c44caf299b6a9cf8a41760daa94ee208bdae8aa78fc75dcb2b slsa-verifier-windows-arm64.exe
```
Confirm your output checksums matches those in this PR's changes for
SHA256SUM.md.
---------
Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
#label:release v2.4.1
How to LGTM this PR:
Ensure you have installed the GitHub client from https://cli.github.com.
If it is not installed in your `PATH`, set `export GH=/path/to/your/gh`
Set your `export GH_TOKEN=...`
Use [verify-release.sh](./verify-release.sh) script in this repository:
```
bash verify-release v2.4.1
```
Once it completes, you will see the last line `Verifying artifact
/tmp/tmp.SomeRanDOm/` and do:
```bash
sha256sum /tmp/tmp.SomeRanDOm/* | grep -v intoto
```
This will print out the hashes. Compare them to the changes in this PR
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
How to LGTM this PR (I'll work on a proper doc for this in
https://github.com/slsa-framework/slsa-github-generator/issues/112):
1. Clone repo
```
$ git clone git@github.com:slsa-framework/slsa-verifier.git
$ cd slsa-verifier
$ bash verify-release.sh v2.4.0 # NOTE: use the file in _this_ PR.
# Note down the path to the temporary dir use. The bash script will print its first line as "INFO: using dir: /tmp/tmp.VaYi6HfbmL"
```
2. Run command below and compare to SHA256SUM.md in this PR
```
$sha256sum /tmp/tmp.VaYi6HfbmL/*
```
The output hash should be the hash I'm updating to in this PR. If they
match, LGTM. If they don't, someone tampered with the released binary
and don't LGTM
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
