Releases: aquaproj/aqua
v2.36.0
Pull Requests | Issues | v2.35.0...v2.36.0
Features
#3130 #3134 support changing $0 by symlink
Some tools change their behavior by $0
.
For example, granted
changes the behavior based on args[0]
.
// Use a single binary to keep keychain ACLs simple, swapping behavior via argv[0]
var app *cli.App
switch filepath.Base(os.Args[0]) {
case "assumego", "assumego.exe", "dassumego", "dassumego.exe":
app = assume.GetCliApp()
default:
app = granted.GetCliApp()
}
This release supports changing $0 by symlink.
files:
- name: granted
- name: assumego
src: granted
link: assumego # link is the relative path from src to the symlink
Bug Fixes
#3136 #3137 remove: Handle panic error when package is not found @Shion1305
#3138 remove: Ignore not found commands
v2.36.0-1
Pull Requests | Issues | v2.35.0...v2.36.0-1
Changelog
v2.35.0
Pull Requests | Issues | v2.34.0...v2.35.0
Features
#3119 #3131 Verify packages' GitHub Artifact Attestations
When aqua installs packages, it verifies their GitHub Artifact Attestations if they are provided and registries have settings for GitHub Artifact Attestations.
#3117 Create GitHub Artifact Attestations of aqua
We start providing aqua's GitHub Artifact Attestations!
https://github.com/aquaproj/aqua/attestations
If you download aqua from GitHub Releases, you can verify GitHub Artifact Attestations using GitHub CLI.
https://aquaproj.github.io/docs/install#verify-downloaded-binaries-from-github-releases
Reference:
- https://aquaproj.github.io/docs/reference/security/github-artifact-attestations
- https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds
Fixes
#3129 Redirect stdout of some commands to stderr
aqua executes some os commands to install packages.
- go install
- go build
- cargo
- cosign
- slsa-verifier
- minisign
- gh attestation verify
aqua should redirect the stdout of these commands to stderr.
v2.35.0-1
Pull Requests | Issues | v2.34.0...v2.35.0-1
Changelog
- 35a83f7 Merge branch 'main' into renovate/suzuki-shunsuke-go-release-workflow-2.x
- 2d1e865 fix: redirect stdout to stderr (#3129)
- 33ebc14 Merge branch 'main' into renovate/suzuki-shunsuke-go-release-workflow-2.x
- de6fc82 refactor: refactor exec package (#3127)
- 41039e5 chore(deps): update dependency aquaproj/aqua-registry to v4.226.0 (#3128)
- 0667fc0 ci: fix permission
- b38d21f chore(deps): update actions/checkout action to v4.2.0 (#3126)
- 991e38d refactor: file verifier (#3125)
- 6e7b350 chore(deps): update dependency aquaproj/aqua-registry to v4.225.0 (#3123)
- 0a3be66 chore(deps): update suzuki-shunsuke/go-release-workflow action to v2
- d6c85f2 chore(deps): update dependency int128/ghcp to v1.13.4 (#3122)
- c27bc8e chore(deps): update dependency aquaproj/aqua-registry to v4.224.0 (#3121)
- 0cbc34c feat: verify GitHub Artifact Attestations (#3119)
- 76504cd chore(deps): update dependency rhysd/actionlint to v1.7.2 (#3120)
- f90a828 ci: split jobs for parallel tests (#3115)
- 6fc0dd2 chore(deps): update dependency aquaproj/aqua-registry to v4.223.1 (#3113)
- c436784 chore(deps): update dependency aquaproj/aqua to v2.34.0 (#3114)
- 8b73715 chore: update aqua-registry (#3112)
v2.34.0
Pull Requests | Issues | v2.33.0...v2.34.0
Features
#3103 Enabling you to verify checksum files using Minisign
You can now verify checksum files using Minisign.
e.g.
checksum:
type: github_release
asset: sha256.txt
algorithm: sha256
minisign:
type: github_release
asset: sha256.txt.minisig
public_key: RWQ/i9xseZwBVE7pEniCNjlNOeeyp4BQgdZDLQcAohxEAH5Uj5DEKjv6