The release notes have been generated for the commit range v1.28.11…cbc485d on Wed, 09 Oct 2024 10:14:40 UTC.
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.cbc485d3048d34051afb798aceb45b4fbcb187f8.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/cbc485d3048d34051afb798aceb45b4fbcb187f8 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/cbc485d3048d34051afb798aceb45b4fbcb187f8 \
--signature cri-o.amd64.cbc485d3048d34051afb798aceb45b4fbcb187f8.tar.gz.sig \
--certificate cri-o.amd64.cbc485d3048d34051afb798aceb45b4fbcb187f8.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.cbc485d3048d34051afb798aceb45b4fbcb187f8.tar.gz
> bom validate -e cri-o.amd64.cbc485d3048d34051afb798aceb45b4fbcb187f8.tar.gz.spdx -d cri-o