diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index c8067a02d..f74c04796 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -27,10 +27,7 @@ builds:
# Archive configuration
archives:
- id: default
- format: tar.gz
- files:
- - LICENSE
- - README.md
+ formats: ["zip", "tar.gz"]
changelog:
sort: asc
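Review bot: Removing the explicit `files:` list from `archives` leaves the archive contents to GoReleaser's default file globs, so this config no longer states that LICENSE and README.md ship with the binary; keep the list if the licence is required to travel with the artifact. `formats: ["zip", "tar.gz"]` also publishes two archives per target, while the install commands visible in docs/install.md only fetch the tar.gz, so either restrict zip to the targets that need it or document the zip downloads.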
@@ -48,7 +45,14 @@ release:
prerelease: false
binary_signs:
- - {}
+ - cmd: gpg
+ args:
+ - --output
+ - "${signature}"
+ - --detach-sign
+ - "${artifact}"
+ signature: ${artifact}_{{ .Os }}_{{ .Arch }}.sig
+ artifacts: binary
signs:
- artifacts: checksum
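Review bot: The `gpg` args under `binary_signs` pin no key and omit `--batch`, so the signature is produced with whatever default secret key is in the release runner's keyring, and gpg may try to prompt for a passphrase in CI. Add `--batch` and `--local-user` with the fingerprint of the release key (the same key docs/install.md tells users to import) so the signing identity is fixed in config. The `signature:` template also carries no version, so `windsor_darwin_arm64.sig` from one release cannot be told apart by name from another release's; consider including the version, as the checksum signature file name does.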
diff --git a/docs/install.md b/docs/install.md
index 9c29f5320..65265f989 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -16,7 +16,7 @@ brew install windsor
## Manual Installation
-=== "MacOS"
+=== "MacOS (ARM64)"
```bash
curl -L -o windsor_{{ config.extra.release_version }}_darwin_arm64.tar.gz https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_darwin_arm64.tar.gz && \
tar -xzf windsor_{{ config.extra.release_version }}_darwin_arm64.tar.gz -C /usr/local/bin && \
@@ -31,24 +31,83 @@ brew install windsor
1. **Import the Public Key**
```bash
gpg --keyserver keys.openpgp.org --recv-keys {{ config.extra.public_key_id }}
+ ```
+
+ 2. **Download the binary signature file**:
+ ```bash
+ curl -L -o windsor_darwin_arm64.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_darwin_arm64.sig
+ ```
+
+ 3. **Verify the binary signature**:
+ ```bash
+ gpg --verify windsor_darwin_arm64.sig /usr/local/bin/windsor
```
- 2. **Download the signature file**:
+ 4. **Download the checksum signature file**:
```bash
curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt.sig
+
+ ```
+ 5. **Download the checksum file**:
+ ```bash
+ curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt
+ ```
+
+ 6. **Verify the checksums signature**:
+ ```bash
+ gpg --verify windsor_{{ config.extra.release_version }}_checksums.txt.sig windsor_{{ config.extra.release_version }}_checksums.txt
```
- 3. **Download the checksum file**:
+ 7. **Verify the checksum**:
+ ```bash
+ shasum -a 256 -c windsor_{{ config.extra.release_version }}_checksums.txt
+ ```
+
+
+
+=== "MacOS (AMD64)"
+ ```bash
+ curl -L -o windsor_{{ config.extra.release_version }}_darwin_amd64.tar.gz https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_darwin_amd64.tar.gz && \
+ tar -xzf windsor_{{ config.extra.release_version }}_darwin_amd64.tar.gz -C /usr/local/bin && \
+ chmod +x /usr/local/bin/windsor
+ ```
+
+
+ Verify the signature and checksum of the Windsor binary
+
+ To enhance security and confirm the integrity of your Windsor CLI installation, it is crucial to verify the downloaded binary. This involves checking the signature and checksum of the binary to ensure it has not been tampered with and is safe for use on your system. Follow the steps below to perform these verifications.
+
+ 1. **Import the Public Key**
+ ```bash
+ gpg --keyserver keys.openpgp.org --recv-keys {{ config.extra.public_key_id }}
+ ```
+
+ 2. **Download the binary signature file**:
+ ```bash
+ curl -L -o windsor_darwin_amd64.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_darwin_amd64.sig
+ ```
+
+ 3. **Verify the binary signature**:
+ ```bash
+ gpg --verify windsor_darwin_amd64.sig /usr/local/bin/windsor
+ ```
+
+ 4. **Download the checksum signature file**:
+ ```bash
+ curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt.sig
+ ```
+
+ 5. **Download the checksum file**:
```bash
curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt
```
- 4. **Verify the Signature**:
+ 6. **Verify the checksums signature**:
```bash
gpg --verify windsor_{{ config.extra.release_version }}_checksums.txt.sig windsor_{{ config.extra.release_version }}_checksums.txt
```
- 5. **Verify the Checksum**:
+ 7. **Verify the checksum**:
```bash
shasum -a 256 -c windsor_{{ config.extra.release_version }}_checksums.txt
```
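Review bot: Step 3 verifies the installed file (`gpg --verify windsor_darwin_arm64.sig /usr/local/bin/windsor`, and the AMD64 equivalent), so the binary has already been extracted onto the PATH and marked executable before any check runs. Reorder both tabs so the archive is unpacked into a scratch directory, the binary signature and the checksum are verified there, and only then is the binary moved into /usr/local/bin. In step 4 of the ARM64 tab the added blank line sits inside the code fence and the closing fence runs straight into step 5; move the blank line below the fence.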
@@ -74,28 +133,88 @@ brew install windsor
gpg --keyserver keys.openpgp.org --recv-keys {{ config.extra.public_key_id }}
```
- 2. **Download the signature file**:
+ 2. **Download the binary signature file**:
+ ```powershell
+ Invoke-WebRequest -Uri "https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor.exe_windows_amd64.sig" -OutFile "windsor.exe_windows_amd64.sig"
+ ```
+
+ 3. **Verify the binary signature**:
+ ```powershell
+ gpg --verify windsor.exe_windows_amd64.sig "C:\Program Files\Windsor\windsor.exe"
+ ```
+
+ 4. **Download the checksum signature file**:
```powershell
Invoke-WebRequest -Uri "https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt.sig" -OutFile "windsor_{{ config.extra.release_version }}_checksums.txt.sig"
```
- 3. **Download the checksum file**:
+ 5. **Download the checksum file**:
```powershell
Invoke-WebRequest -Uri "https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt" -OutFile "windsor_{{ config.extra.release_version }}_checksums.txt"
```
- 4. **Verify the Signature**:
+ 6. **Verify the checksums signature**:
```powershell
gpg --verify windsor_{{ config.extra.release_version }}_checksums.txt.sig windsor_{{ config.extra.release_version }}_checksums.txt
```
- 5. **Verify the Checksum**:
+ 7. **Verify the checksums**:
```powershell
Get-FileHash -Algorithm SHA256 -Path "windsor_{{ config.extra.release_version }}_checksums.txt" | Format-List
```
-=== "Linux"
+=== "Linux (ARM64)"
+
+ ```bash
+ curl -L -o windsor_{{ config.extra.release_version }}_linux_arm64.tar.gz https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_linux_arm64.tar.gz && \
+ sudo tar -xzf windsor_{{ config.extra.release_version }}_linux_arm64.tar.gz -C /usr/local/bin && \
+ sudo chmod +x /usr/local/bin/windsor
+ ```
+
+
+ Verify the signature and checksum of the Windsor binary
+
+ To enhance security and confirm the integrity of your Windsor CLI installation, it is crucial to verify the downloaded binary. This involves checking the signature and checksum of the binary to ensure it has not been tampered with and is safe for use on your system. Follow the steps below to perform these verifications.
+
+ 1. **Import the Public Key**
+ ```bash
+ gpg --keyserver keys.openpgp.org --recv-keys {{ config.extra.public_key_id }}
+ ```
+ 2. **Download the binary signature file**:
+ ```bash
+ curl -L -o windsor_linux_arm64.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_linux_arm64.sig
+ ```
+
+ 3. **Verify the binary signature**:
+ ```bash
+ gpg --verify windsor_linux_arm64.sig /usr/local/bin/windsor
+ ```
+
+ 4. **Download the checksum signature file**:
+ ```bash
+ curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt.sig
+ ```
+
+ 5. **Download the checksum file**:
+ ```bash
+ curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt
+ ```
+
+ 6. **Verify the checksums signature**:
+ ```bash
+ gpg --verify windsor_{{ config.extra.release_version }}_checksums.txt.sig windsor_{{ config.extra.release_version }}_checksums.txt
+ ```
+
+ 7. **Verify the checksums**:
+ ```bash
+ sha256sum -c windsor_{{ config.extra.release_version }}_checksums.txt
+ ```
+
+
+
+=== "Linux (AMD64)"
+
```bash
curl -L -o windsor_{{ config.extra.release_version }}_linux_amd64.tar.gz https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_linux_amd64.tar.gz && \
sudo tar -xzf windsor_{{ config.extra.release_version }}_linux_amd64.tar.gz -C /usr/local/bin && \
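Review bot: Windows step 7, `Get-FileHash -Algorithm SHA256 -Path "windsor_{{ config.extra.release_version }}_checksums.txt" | Format-List`, hashes the checksum file itself and compares the result with nothing, so it verifies no download. Hash the downloaded archive instead and compare the value with that archive's line in the checksums file, failing on a mismatch. In the Linux (ARM64) tab, step 2 follows the closing fence of step 1 with no blank line, unlike the other steps.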
@@ -111,23 +230,32 @@ brew install windsor
```bash
gpg --keyserver keys.openpgp.org --recv-keys {{ config.extra.public_key_id }}
```
+ 2. **Download the binary signature file**:
+ ```bash
+ curl -L -o windsor_linux_amd64.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_linux_amd64.sig
+ ```
+
+ 3. **Verify the binary signature**:
+ ```bash
+ gpg --verify windsor_linux_amd64.sig /usr/local/bin/windsor
+ ```
- 2. **Download the signature file**:
+ 4. **Download the checksum signature file**:
```bash
curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt.sig
```
- 3. **Download the checksum file**:
+ 5. **Download the checksum file**:
```bash
curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt
```
- 4. **Verify the Signature**:
+ 6. **Verify the checksums signature**:
```bash
gpg --verify windsor_{{ config.extra.release_version }}_checksums.txt.sig windsor_{{ config.extra.release_version }}_checksums.txt
```
- 5. **Verify the Checksum**:
+ 7. **Verify the checksums**:
```bash
sha256sum -c windsor_{{ config.extra.release_version }}_checksums.txt
```
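Review bot: Step 7, `sha256sum -c windsor_{{ config.extra.release_version }}_checksums.txt`, checks every entry in the release-wide checksum file, but the user has downloaded only the `linux_amd64.tar.gz` archive, so the other entries are reported as missing and the command exits non-zero even when the download is good. Use `sha256sum --ignore-missing -c` or filter the file to the one archive line first, and state what output counts as a pass. Step 2 here also follows the step 1 fence without a blank line.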