RetroSearch Browse

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://github.com/getsops/sops/releases/tag/v3.10.0 below:

Release v3.10.0 · getsops/sops · GitHub

Installation

To install sops, download one of the pre-built binaries provided for your platform from the artifacts attached to this release.

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/getsops/sops/releases/download/v3.10.0/sops-v3.10.0.linux.amd64

# Move the binary in to your PATH
mv sops-v3.10.0.linux.amd64 /usr/local/bin/sops

# Make the binary executable
chmod +x /usr/local/bin/sops

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/getsops/sops/releases/download/v3.10.0/sops-v3.10.0.checksums.txt
curl -LO https://github.com/getsops/sops/releases/download/v3.10.0/sops-v3.10.0.checksums.pem
curl -LO https://github.com/getsops/sops/releases/download/v3.10.0/sops-v3.10.0.checksums.sig

# Verify the checksums file
cosign verify-blob sops-v3.10.0.checksums.txt \
  --certificate sops-v3.10.0.checksums.pem \
  --signature sops-v3.10.0.checksums.sig \
  --certificate-identity-regexp=https://github.com/getsops \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature:

# Verify the binary using the checksums file
sha256sum -c sops-v3.10.0.checksums.txt --ignore-missing

Verify artifact provenance

The SLSA provenance of the binaries, packages, and SBOMs can be found within the artifacts associated with this release. It is presented through an in-toto link metadata file named sops-v3.10.0.intoto.jsonl. To verify the provenance of an artifact, you can utilize the slsa-verifier tool:

# Download the metadata file
curl -LO  https://github.com/getsops/sops/releases/download/v3.10.0/sops-v3.10.0.intoto.jsonl

# Verify the provenance of the artifact
slsa-verifier verify-artifact <artifact> \
  --provenance-path sops-v3.10.0.intoto.jsonl \
  --source-uri github.com/getsops/sops \
  --source-tag v3.10.0

Container Images

The sops binaries are also available as container images, based on Debian (slim) and Alpine Linux. The Debian-based container images include any dependencies which may be required to make use of certain key services, such as GnuPG, AWS KMS, Azure Key Vault, and Google Cloud KMS. The Alpine-based container images are smaller in size, but do not include these dependencies.

These container images are available for the following architectures: linux/amd64 and linux/arm64.

GitHub Container Registry

ghcr.io/getsops/sops:v3.10.0
ghcr.io/getsops/sops:v3.10.0-alpine

Quay.io

quay.io/getsops/sops:v3.10.0
quay.io/getsops/sops:v3.10.0-alpine

Verify container image signature

The container images are signed using Cosign with GitHub OIDC. To validate the signature of an image, run the following command:

cosign verify ghcr.io/getsops/sops:v3.10.0 \
  --certificate-identity-regexp=https://github.com/getsops \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
  -o text

Verify container image provenance

The container images include SLSA provenance attestations. For more information around the verification of this, please refer to the slsa-verifier documentation.

Software Bill of Materials

The Software Bill of Materials (SBOM) for each binary is accessible within the artifacts enclosed with this release. It is presented as an SPDX JSON file, formatted as <binary>.spdx.sbom.json.

What's Changed

build(deps): Bump alpine from 3.18 to 3.21 in /.release in the docker group across 1 directory by @dependabot in #1700
Convert changelog to MarkDown by @felixfontein in #1741
build(deps): Bump the go group with 7 updates by @dependabot in #1743
build(deps): Bump the go group with 9 updates by @dependabot in #1745
build(deps): Bump the rust group in /functional-tests with 2 updates by @dependabot in #1744
build(deps): Bump github/codeql-action from 3.28.5 to 3.28.8 in the ci group by @dependabot in #1746
build(deps): Bump the go group with 12 updates by @dependabot in #1751
build(deps): Bump the ci group with 4 updates by @dependabot in #1750
Add --input-type option for filestatus subcommand by @felixfontein in #1601
Use SOPS_EDITOR before EDITOR by @felixfontein in #1611
Allow users to disable version check via environment variable by @nicklasfrahm in #1684
add duplicate section support to ini store by @reindlt in #1452
stores: test for duplicate keys, reserve keyword (yaml only now) by @holiman in #1203
Add same process option for exec-env by @ricmatsui in #880
outputs: add trailing newline at the end of JSON files by @duthils in #1476
set subcommand: add --idempotent flag that will not write the file if no change happened by @felixfontein in #1754
Encrypt and decrypt time.Time objects by @felixfontein in #1759
build(deps): Bump the go group with 8 updates by @dependabot in #1763
build(deps): Bump tempfile from 3.16.0 to 3.17.0 in /functional-tests in the rust group by @dependabot in #1762
build(deps): Bump goreleaser/goreleaser-action from 6.1.0 to 6.2.1 in the ci group by @dependabot in #1761
fix(docs): typo in README.rst by @Paredev in #1765
Add SSH support for age by @haoqixu in #1692
make sure that tests do not pick keys.txt from user's HOME dir by @tomaszduda23 in #1766
support for age identity with passphrase by @tomaszduda23 in #1400
build(deps): Bump the rust group in /functional-tests with 4 updates by @dependabot in #1768
build(deps): Bump the go group with 12 updates by @dependabot in #1769
build(deps): Bump the ci group with 4 updates by @dependabot in #1770
build(deps): Bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 by @dependabot in #1773
feat: add age plugin support by @brianmcgee in #1641
Check GnuPG decryption result for non-empty size by @felixfontein in #1776
vendored age code: consolidate passphrase reading functionality by @felixfontein in #1775
Allow to encrypt and decrypt from stdin by @felixfontein in #1690
build(deps): Bump the go group with 11 updates by @dependabot in #1784
build(deps): Bump the ci group with 5 updates by @dependabot in #1782
build(deps): Bump serde_json from 1.0.139 to 1.0.140 in /functional-tests in the rust group; bump Rust to 1.85.0 by @dependabot in #1783
build(deps): Bump the go group with 13 updates by @dependabot in #1797
build(deps): Bump the rust group in /functional-tests with 3 updates by @dependabot in #1796
build(deps): Bump github/codeql-action from 3.28.10 to 3.28.11 in the ci group by @dependabot in #1795
build(deps): Bump the go group with 6 updates by @dependabot in #1802
build(deps): Bump tempfile from 3.18.0 to 3.19.0 in /functional-tests in the rust group by @dependabot in #1800
build(deps): Bump docker/login-action from 3.3.0 to 3.4.0 in the ci group by @dependabot in #1801
build(deps): Bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 by @dependabot in #1806
goreleaser: add windows arm64 by @duthils in #1791
Add a way to set sops config location via envvar by @sledzikowy in #1701
build(deps): Bump the go group with 3 updates by @dependabot in #1809
build(deps): Bump the ci group with 5 updates by @dependabot in #1808
build(deps): Bump tempfile from 3.19.0 to 3.19.1 in /functional-tests in the rust group by @dependabot in #1807
Support --config option in publish subcommand by @felixfontein in #1779
Fix caching of Metadata.DataKey by @felixfontein in #1781
Lint by @felixfontein in #1780
updatekeys subcommand: rename GroupQuorum to ShamirThreshold by @felixfontein in #1631
If --filename-override is specified, convert it to an absolute path same as regular filenames by @felixfontein in #1793
Add support for oauth2.TokenSource in GCP KMS by @matheuscscp in #1794
Added SOPS_AGE_KEY_CMD option to age, fixes #1323 by @danilobuerger in #1811
chore: omitempty metadata to reduce the size of stored config by @cgetzen in #1571
Improve Shamir Secret Sharing code by @felixfontein in #1813
Update all dependencies by @felixfontein in #1814
Run 'gofmt -w' on all .go files by @felixfontein in #1817
Add option to explicitly check for the latest version; deprecate current default of always doing that unless disabled by @felixfontein in #1816
Build using Go 1.24 and drop support for 1.22 by @hiddeco in #1819
Support GOOGLE_OAUTH_ACCESS_TOKEN for Google Cloud Platform by @marensofier in #1578
Warn about .sops.yml files found while searching for .sops.yaml by @felixfontein in #1820
Release 3.10.0 by @felixfontein in #1815
Added support for multiarch windows release binaries by @sabre1041 in #1823

New Contributors

@reindlt made their first contribution in #1452
@ricmatsui made their first contribution in #880
@Paredev made their first contribution in #1765
@haoqixu made their first contribution in #1692
@brianmcgee made their first contribution in #1641
@sledzikowy made their first contribution in #1701
@matheuscscp made their first contribution in #1794
@danilobuerger made their first contribution in #1811
@cgetzen made their first contribution in #1571
@marensofier made their first contribution in #1578
@sabre1041 made their first contribution in #1823

Full Changelog: v3.9.4...v3.10.0

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4