slsa-verifier

github/slsa-verifier

Fork 0

mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-20 15:32:52 +00:00

Commit Graph

Author	SHA1	Message	Date
laurentsimon	d23c97947e	chore: Update doc for v2.4.0 (#699 ) How to LGTM this PR (I'll work on a proper doc for this in https://github.com/slsa-framework/slsa-github-generator/issues/112): 1. Clone repo ``` $ git clone git@github.com:slsa-framework/slsa-verifier.git $ cd slsa-verifier $ bash verify-release.sh v2.4.0 # NOTE: use the file in _this_ PR. # Note down the path to the temporary dir use. The bash script will print its first line as "INFO: using dir: /tmp/tmp.VaYi6HfbmL" ``` 2. Run command below and compare to SHA256SUM.md in this PR ``` $sha256sum /tmp/tmp.VaYi6HfbmL/* ``` The output hash should be the hash I'm updating to in this PR. If they match, LGTM. If they don't, someone tampered with the released binary and don't LGTM --------- Signed-off-by: laurentsimon <laurentsimon@google.com>	2023-08-25 12:09:40 -07:00

Author

SHA1

Message

Date

laurentsimon

d23c97947e

chore: Update doc for v2.4.0 (#699 )

How to LGTM this PR (I'll work on a proper doc for this in
https://github.com/slsa-framework/slsa-github-generator/issues/112):

1.  Clone repo
```
$ git clone git@github.com:slsa-framework/slsa-verifier.git 
$ cd slsa-verifier
$ bash verify-release.sh v2.4.0 # NOTE: use the file in _this_ PR.
# Note down the path to the temporary dir use. The bash script will print its first line as "INFO: using dir: /tmp/tmp.VaYi6HfbmL"
```
2. Run command below and compare to SHA256SUM.md in this PR
```
$sha256sum /tmp/tmp.VaYi6HfbmL/*
```

The output hash should be the hash I'm updating to in this PR. If they
match, LGTM. If they don't, someone tampered with the released binary
and don't LGTM

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>

2023-08-25 12:09:40 -07:00

1 Commits