Attestations
Verifying your downloaded files...
Last updated
Verifying your downloaded files...
Last updated
You can verify the integrity of all the release assets in any of our projects (whether it's a binary release or a documentation) using the two methods:
GitHub Attestations
Manual Hashing
GitHub have recently introduced a new feature that allows you to verify a binary artifact that a workflow has generated, called the . To verify your download, once you've downloaded one of the ZIP files, follow these steps:
Install or higher.
Sign in to your GitHub account using gh auth login.
Run this command: gh attestation verify <version>-bin.zip --owner Aptivi, where <version> is a version of Nitrocid that you've downloaded.
If everything is OK, you should see the below message, such as one for Nitrocid KS 0.1.0.10:
If you've seen this error message:
Then, your download is corrupt.
After you've downloaded the ZIP file, follow these steps:
Open the appropriate release page that matches your version.
Look for a file that you've downloaded from the list of expected hash sums.
Use the sha256sum command against the file if you're running Linux, or use the Get-FileHash -Algorithm sha256 PowerShell command against the file if you're running Windows.
Compare the output.