From 26412140752a60fd614cd8f758a68506e5736973 Mon Sep 17 00:00:00 2001 From: Todd VanGundy Date: Mon, 24 Feb 2025 14:15:05 -0500 Subject: [PATCH 1/3] gorelease-updates --- .goreleaser.yaml | 14 ++++-- docs/install.md | 118 +++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 114 insertions(+), 18 deletions(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index c8067a02d..f74c04796 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -27,10 +27,7 @@ builds: # Archive configuration archives: - id: default - format: tar.gz - files: - - LICENSE - - README.md + formats: ["zip", "tar.gz"] changelog: sort: asc @@ -48,7 +45,14 @@ release: prerelease: false binary_signs: - - {} + - cmd: gpg + args: + - --output + - "${signature}" + - --detach-sign + - "${artifact}" + signature: ${artifact}_{{ .Os }}_{{ .Arch }}.sig + artifacts: binary signs: - artifacts: checksum diff --git a/docs/install.md b/docs/install.md index 9c29f5320..4ea1dc36b 100644 --- a/docs/install.md +++ b/docs/install.md @@ -29,26 +29,59 @@ brew install windsor To enhance security and confirm the integrity of your Windsor CLI installation, it is crucial to verify the downloaded binary. This involves checking the signature and checksum of the binary to ensure it has not been tampered with and is safe for use on your system. Follow the steps below to perform these verifications. 1. **Import the Public Key** + ```bash gpg --keyserver keys.openpgp.org --recv-keys {{ config.extra.public_key_id }} + ``` + + 2. **Download the binary signature file**: + + For ARM64: + + ```bash + curl -L -o windsor_{{ config.extra.release_version }}_darwin_arm64.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_darwin_arm64.sig + ``` + + For AMD64: + + ```bash + curl -L -o windsor_{{ config.extra.release_version }}_darwin_amd64.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_darwin_amd64_v1.sig + ``` + + 3. **Verify the binary Signature**: + + For ARM64: + + ```bash + gpg --verify windsor_{{ config.extra.release_version }}_darwin_arm64.sig /usr/local/bin/windsor ``` - 2. **Download the signature file**: + For AMD64: + + ```bash + gpg --verify windsor_{{ config.extra.release_version }}_darwin_amd64.sig /usr/local/bin/windsor + ``` + + 4. **Download the checksum signature file**: + ```bash curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt.sig ``` - 3. **Download the checksum file**: + 5. **Download the checksum file**: + ```bash curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt ``` - 4. **Verify the Signature**: + 6. **Verify the checksums Signature**: + ```bash gpg --verify windsor_{{ config.extra.release_version }}_checksums.txt.sig windsor_{{ config.extra.release_version }}_checksums.txt ``` - 5. **Verify the Checksum**: + 7. **Verify the Checksum**: + ```bash shasum -a 256 -c windsor_{{ config.extra.release_version }}_checksums.txt ``` @@ -70,32 +103,50 @@ brew install windsor To enhance security and confirm the integrity of your Windsor CLI installation, it is crucial to verify the downloaded binary. This involves checking the signature and checksum of the binary to ensure it has not been tampered with and is safe for use on your system. Follow the steps below to perform these verifications. 1. **Import the Public Key** + ```powershell gpg --keyserver keys.openpgp.org --recv-keys {{ config.extra.public_key_id }} ``` - 2. **Download the signature file**: + 2. **Download the binary signature file**: + + ```powershell + Invoke-WebRequest -Uri "https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor.exe_{{ config.extra.release_version }}_windows_amd64.sig" -OutFile "windsor.exe_{{ config.extra.release_version }}_windows_amd64.sig" + ``` + + 3. **Verify the binary Signature**: + + ```powershell + gpg --verify windsor.exe_{{ config.extra.release_version }}_windows_amd64.sig "C:\Program Files\Windsor\windsor.exe" + ``` + + 4. **Download the checksum signature file**: + ```powershell Invoke-WebRequest -Uri "https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt.sig" -OutFile "windsor_{{ config.extra.release_version }}_checksums.txt.sig" ``` - 3. **Download the checksum file**: + 5. **Download the checksum file**: + ```powershell Invoke-WebRequest -Uri "https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt" -OutFile "windsor_{{ config.extra.release_version }}_checksums.txt" ``` - 4. **Verify the Signature**: + 6. **Verify the checksums Signature**: + ```powershell gpg --verify windsor_{{ config.extra.release_version }}_checksums.txt.sig windsor_{{ config.extra.release_version }}_checksums.txt ``` - 5. **Verify the Checksum**: + 7. **Verify the checksums**: + ```powershell Get-FileHash -Algorithm SHA256 -Path "windsor_{{ config.extra.release_version }}_checksums.txt" | Format-List ``` === "Linux" + ```bash curl -L -o windsor_{{ config.extra.release_version }}_linux_amd64.tar.gz https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_linux_amd64.tar.gz && \ sudo tar -xzf windsor_{{ config.extra.release_version }}_linux_amd64.tar.gz -C /usr/local/bin && \ @@ -108,30 +159,71 @@ brew install windsor To enhance security and confirm the integrity of your Windsor CLI installation, it is crucial to verify the downloaded binary. This involves checking the signature and checksum of the binary to ensure it has not been tampered with and is safe for use on your system. Follow the steps below to perform these verifications. 1. **Import the Public Key** + ```bash gpg --keyserver keys.openpgp.org --recv-keys {{ config.extra.public_key_id }} ``` - 2. **Download the signature file**: + 2. **Download the binary signature file**: + + For AMD64: + ```bash - curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt.sig + curl -L -o windsor_{{ config.extra.release_version }}_linux_amd64.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_linux_amd64.sig + ``` + + For ARM64: + + ```bash + curl -L -o windsor_{{ config.extra.release_version }}_linux_arm64.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_linux_arm64.sig + ``` + + 3. **Verify the binary Signature**: + + For AMD64: + + ```bash + gpg --verify windsor_{{ config.extra.release_version }}_linux_amd64.sig /usr/local/bin/windsor ``` - 3. **Download the checksum file**: + For ARM64: + + ```bash + gpg --verify windsor_{{ config.extra.release_version }}_linux_arm64.sig /usr/local/bin/windsor + ``` + + 4. **Download the checksum signature file**: + + For AMD64: + ```bash curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt ``` - 4. **Verify the Signature**: + For ARM64: + + ```bash + + + 5. **Verify the checksums Signature**: ```bash gpg --verify windsor_{{ config.extra.release_version }}_checksums.txt.sig windsor_{{ config.extra.release_version }}_checksums.txt ``` - 5. **Verify the Checksum**: + 6. **Verify the checksums**: + + For AMD64: + ```bash sha256sum -c windsor_{{ config.extra.release_version }}_checksums.txt ``` + For ARM64: + + ```bash + sha256sum -c windsor_{{ config.extra.release_version }}_checksums.txt + ``` + ## Version Check From 4731f2128b681ba4eacaac971c969527703f6974 Mon Sep 17 00:00:00 2001 From: Todd VanGundy Date: Wed, 26 Feb 2025 07:10:12 -0500 Subject: [PATCH 2/3] updated format --- docs/install.md | 155 +++++++++++++++++++++++++++++------------------- 1 file changed, 95 insertions(+), 60 deletions(-) diff --git a/docs/install.md b/docs/install.md index 4ea1dc36b..dbb58d34f 100644 --- a/docs/install.md +++ b/docs/install.md @@ -16,7 +16,7 @@ brew install windsor ## Manual Installation -=== "MacOS" +=== "MacOS (ARM64)" ```bash curl -L -o windsor_{{ config.extra.release_version }}_darwin_arm64.tar.gz https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_darwin_arm64.tar.gz && \ tar -xzf windsor_{{ config.extra.release_version }}_darwin_arm64.tar.gz -C /usr/local/bin && \ @@ -29,59 +29,84 @@ brew install windsor To enhance security and confirm the integrity of your Windsor CLI installation, it is crucial to verify the downloaded binary. This involves checking the signature and checksum of the binary to ensure it has not been tampered with and is safe for use on your system. Follow the steps below to perform these verifications. 1. **Import the Public Key** - ```bash gpg --keyserver keys.openpgp.org --recv-keys {{ config.extra.public_key_id }} ``` 2. **Download the binary signature file**: + ```bash + curl -L -o windsor_darwin_arm64.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_darwin_arm64.sig + ``` - For ARM64: + 3. **Verify the binary signature**: + ```bash + gpg --verify windsor_darwin_arm64.sig /usr/local/bin/windsor + ``` + 4. **Download the checksum signature file**: ```bash - curl -L -o windsor_{{ config.extra.release_version }}_darwin_arm64.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_darwin_arm64.sig + curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt.sig + ``` + 5. **Download the checksum file**: + ```bash + curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt ``` - - For AMD64: + 6. **Verify the checksums signature**: ```bash - curl -L -o windsor_{{ config.extra.release_version }}_darwin_amd64.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_darwin_amd64_v1.sig + gpg --verify windsor_{{ config.extra.release_version }}_checksums.txt.sig windsor_{{ config.extra.release_version }}_checksums.txt ``` - 3. **Verify the binary Signature**: + 7. **Verify the checksum**: + ```bash + shasum -a 256 -c windsor_{{ config.extra.release_version }}_checksums.txt + ``` - For ARM64: + +=== "MacOS (AMD64)" ```bash - gpg --verify windsor_{{ config.extra.release_version }}_darwin_arm64.sig /usr/local/bin/windsor + curl -L -o windsor_{{ config.extra.release_version }}_darwin_amd64.tar.gz https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_darwin_amd64.tar.gz && \ + tar -xzf windsor_{{ config.extra.release_version }}_darwin_amd64.tar.gz -C /usr/local/bin && \ + chmod +x /usr/local/bin/windsor ``` - For AMD64: +
+ Verify the signature and checksum of the Windsor binary + + To enhance security and confirm the integrity of your Windsor CLI installation, it is crucial to verify the downloaded binary. This involves checking the signature and checksum of the binary to ensure it has not been tampered with and is safe for use on your system. Follow the steps below to perform these verifications. + 1. **Import the Public Key** ```bash - gpg --verify windsor_{{ config.extra.release_version }}_darwin_amd64.sig /usr/local/bin/windsor + gpg --keyserver keys.openpgp.org --recv-keys {{ config.extra.public_key_id }} + ``` + + 2. **Download the binary signature file**: + ```bash + curl -L -o windsor_darwin_amd64.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_darwin_amd64.sig ``` - 4. **Download the checksum signature file**: + 3. **Verify the binary signature**: + ```bash + gpg --verify windsor_darwin_amd64.sig /usr/local/bin/windsor + ``` + 4. **Download the checksum signature file**: ```bash curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt.sig ``` 5. **Download the checksum file**: - ```bash curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt ``` - 6. **Verify the checksums Signature**: - + 6. **Verify the checksums signature**: ```bash gpg --verify windsor_{{ config.extra.release_version }}_checksums.txt.sig windsor_{{ config.extra.release_version }}_checksums.txt ``` - 7. **Verify the Checksum**: - + 7. **Verify the checksum**: ```bash shasum -a 256 -c windsor_{{ config.extra.release_version }}_checksums.txt ``` @@ -103,53 +128,46 @@ brew install windsor To enhance security and confirm the integrity of your Windsor CLI installation, it is crucial to verify the downloaded binary. This involves checking the signature and checksum of the binary to ensure it has not been tampered with and is safe for use on your system. Follow the steps below to perform these verifications. 1. **Import the Public Key** - ```powershell gpg --keyserver keys.openpgp.org --recv-keys {{ config.extra.public_key_id }} ``` 2. **Download the binary signature file**: - ```powershell - Invoke-WebRequest -Uri "https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor.exe_{{ config.extra.release_version }}_windows_amd64.sig" -OutFile "windsor.exe_{{ config.extra.release_version }}_windows_amd64.sig" + Invoke-WebRequest -Uri "https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor.exe_windows_amd64.sig" -OutFile "windsor.exe_windows_amd64.sig" ``` - 3. **Verify the binary Signature**: - + 3. **Verify the binary signature**: ```powershell - gpg --verify windsor.exe_{{ config.extra.release_version }}_windows_amd64.sig "C:\Program Files\Windsor\windsor.exe" + gpg --verify windsor.exe_windows_amd64.sig "C:\Program Files\Windsor\windsor.exe" ``` 4. **Download the checksum signature file**: - ```powershell Invoke-WebRequest -Uri "https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt.sig" -OutFile "windsor_{{ config.extra.release_version }}_checksums.txt.sig" ``` 5. **Download the checksum file**: - ```powershell Invoke-WebRequest -Uri "https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt" -OutFile "windsor_{{ config.extra.release_version }}_checksums.txt" ``` - 6. **Verify the checksums Signature**: - + 6. **Verify the checksums signature**: ```powershell gpg --verify windsor_{{ config.extra.release_version }}_checksums.txt.sig windsor_{{ config.extra.release_version }}_checksums.txt ``` 7. **Verify the checksums**: - ```powershell Get-FileHash -Algorithm SHA256 -Path "windsor_{{ config.extra.release_version }}_checksums.txt" | Format-List ```
-=== "Linux" +=== "Linux (ARM64)" ```bash - curl -L -o windsor_{{ config.extra.release_version }}_linux_amd64.tar.gz https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_linux_amd64.tar.gz && \ - sudo tar -xzf windsor_{{ config.extra.release_version }}_linux_amd64.tar.gz -C /usr/local/bin && \ + curl -L -o windsor_{{ config.extra.release_version }}_linux_arm64.tar.gz https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_linux_arm64.tar.gz && \ + sudo tar -xzf windsor_{{ config.extra.release_version }}_linux_arm64.tar.gz -C /usr/local/bin && \ sudo chmod +x /usr/local/bin/windsor ``` @@ -159,69 +177,86 @@ brew install windsor To enhance security and confirm the integrity of your Windsor CLI installation, it is crucial to verify the downloaded binary. This involves checking the signature and checksum of the binary to ensure it has not been tampered with and is safe for use on your system. Follow the steps below to perform these verifications. 1. **Import the Public Key** - ```bash gpg --keyserver keys.openpgp.org --recv-keys {{ config.extra.public_key_id }} ``` - 2. **Download the binary signature file**: - - For AMD64: - ```bash - curl -L -o windsor_{{ config.extra.release_version }}_linux_amd64.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_linux_amd64.sig + curl -L -o windsor_linux_arm64.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_linux_arm64.sig ``` - For ARM64: + 3. **Verify the binary signature**: + ```bash + gpg --verify windsor_linux_arm64.sig /usr/local/bin/windsor + ``` + 4. **Download the checksum signature file**: ```bash - curl -L -o windsor_{{ config.extra.release_version }}_linux_arm64.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_linux_arm64.sig + curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt ``` - 3. **Verify the binary Signature**: + 5. **Download the checksum file**: + ```bash + curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt + ``` - For AMD64: + 6. **Verify the checksums signature**: + ```bash + gpg --verify windsor_{{ config.extra.release_version }}_checksums.txt.sig windsor_{{ config.extra.release_version }}_checksums.txt + ``` + 7. **Verify the checksums**: ```bash - gpg --verify windsor_{{ config.extra.release_version }}_linux_amd64.sig /usr/local/bin/windsor + sha256sum -c windsor_{{ config.extra.release_version }}_checksums.txt ``` - For ARM64: + + +=== "Linux (AMD64)" ```bash - gpg --verify windsor_{{ config.extra.release_version }}_linux_arm64.sig /usr/local/bin/windsor + curl -L -o windsor_{{ config.extra.release_version }}_linux_amd64.tar.gz https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_linux_amd64.tar.gz && \ + sudo tar -xzf windsor_{{ config.extra.release_version }}_linux_amd64.tar.gz -C /usr/local/bin && \ + sudo chmod +x /usr/local/bin/windsor ``` - 4. **Download the checksum signature file**: +
+ Verify the signature and checksum of the Windsor binary - For AMD64: + To enhance security and confirm the integrity of your Windsor CLI installation, it is crucial to verify the downloaded binary. This involves checking the signature and checksum of the binary to ensure it has not been tampered with and is safe for use on your system. Follow the steps below to perform these verifications. + 1. **Import the Public Key** ```bash - curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt + gpg --keyserver keys.openpgp.org --recv-keys {{ config.extra.public_key_id }} + ``` + 2. **Download the binary signature file**: + ```bash + curl -L -o windsor_linux_amd64.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_linux_amd64.sig ``` - For ARM64: + 3. **Verify the binary signature**: + ```bash + gpg --verify windsor_linux_amd64.sig /usr/local/bin/windsor + ``` + 4. **Download the checksum signature file**: ```bash + curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt + ``` - - 5. **Verify the checksums Signature**: + 5. **Download the checksum file**: ```bash - gpg --verify windsor_{{ config.extra.release_version }}_checksums.txt.sig windsor_{{ config.extra.release_version }}_checksums.txt + curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt ``` - 6. **Verify the checksums**: - - For AMD64: - + 6. **Verify the checksums signature**: ```bash - sha256sum -c windsor_{{ config.extra.release_version }}_checksums.txt + gpg --verify windsor_{{ config.extra.release_version }}_checksums.txt.sig windsor_{{ config.extra.release_version }}_checksums.txt ``` - For ARM64: - + 7. **Verify the checksums**: ```bash - sha256sum -c windsor_{{ config.extra.release_version }}_checksums.txt + sha256sum -c windsor_{{ config.extra.release_version }}_checksums.txt ```
From 966acb96e922428f41141716ece22251903e869c Mon Sep 17 00:00:00 2001 From: Todd VanGundy Date: Wed, 26 Feb 2025 07:15:52 -0500 Subject: [PATCH 3/3] updated format --- docs/install.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/install.md b/docs/install.md index dbb58d34f..65265f989 100644 --- a/docs/install.md +++ b/docs/install.md @@ -46,6 +46,7 @@ brew install windsor 4. **Download the checksum signature file**: ```bash curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt.sig + ``` 5. **Download the checksum file**: ```bash @@ -192,7 +193,7 @@ brew install windsor 4. **Download the checksum signature file**: ```bash - curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt + curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt.sig ``` 5. **Download the checksum file**: @@ -241,9 +242,9 @@ brew install windsor 4. **Download the checksum signature file**: ```bash - curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt + curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt.sig https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt.sig ``` - + 5. **Download the checksum file**: ```bash curl -L -o windsor_{{ config.extra.release_version }}_checksums.txt https://github.com/windsorcli/cli/releases/download/v{{ config.extra.release_version }}/windsor_{{ config.extra.release_version }}_checksums.txt