Releases: MostroP2P/mostro-cli
Release list
Release v0.16.0
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/negrunch.asc | gpg --import
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/arkanoider.asc | gpg --importOnce you have the required PGP keys, you can verify the release (assuming manifest.txt.sig.negrunch, manifest.txt.sig.arkanoider and manifest.txt are in the current directory) with:
gpg --verify manifest.txt.sig.negrunch manifest.txt
gpg --verify manifest.txt.sig.arkanoider manifest.txt
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 1E41631D137BA2ADE55344F73852B843679AD6F0
gpg: Good signature from "Francisco Calderón <fjcalderon@gmail.com>" [ultimate]
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 2E986CA1C5E7EA1635CD059C4989CC7415A43AEC
gpg: Good signature from "Arkanoider <github.913zc@simplelogin.com>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
What's Changed in v0.16.0
🚀 Features
- Phase 3 — transport auto-detection + get-dm v2 + docs by @grunch
- Phase 2 — protocol-v2 (NIP-44 direct) selection by @grunch
🐛 Bug Fixes
- address PR review feedback by @grunch
- harden permissions for local mnemonic database by @grunch
- treat empty TRANSPORT as unset in resolve_transport by @grunch
- wait for relay connection before first request by @grunch
- make DM-listing/follow-up fetches transport-aware (Codex review) by @grunch
- add specific error message for NotFound CantDoReason by @AndreaDiazCorreia
- wait for Mostro reply before showing success in admin cancel/settle by @AndreaDiazCorreia
- filter wait_for_dm notifications so PoW detection actually fires by @grunch
- run PoW probe concurrently with the DM wait by @grunch
- bound the post-timeout PoW probe to avoid doubling latency by @grunch
- surface explicit PoW rejection instead of generic timeout by @grunch
💼 Other
- Update CHANGELOG for version 0.16.0 by @grunch
- feat(transport): Phase 3 — auto-detection + get-dm v2 + docs by @grunch in #178
- feat(transport): Phase 2 — protocol-v2 (NIP-44 direct) selection by @grunch in #177
- chore(deps): adopt mostro-core 0.13.0 (transport-v2 foundation) by @grunch in #176
- fix(admin-disputes): confirm Mostro reply before reporting settle/cancel success by @grunch in #171
- fix(pow): filter wait_for_dm notifications so PoW detection actually fires by @grunch in #174
- fix(pow): surface explicit PoW rejection instead of generic timeout by @grunch in #173
🚜 Refactor
- rename info tag protocol_versions -> protocol_version by @grunch
📚 Documentation
- clarify v2-aware DM comment + test create_filter author pin by @grunch
- clarify v2 API name, kind-not-version gating, and compat guard by @grunch
⚙️ Miscellaneous Tasks
- Release mostro-cli version 0.16.0 by @grunch
🛡️ Security
Contributors
- @grunch made their contribution
- @AndreaDiazCorreia made their contribution
Full Changelog: v0.15.3...v0.16.0
Release v0.15.3
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/negrunch.asc | gpg --import
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/arkanoider.asc | gpg --importOnce you have the required PGP keys, you can verify the release (assuming manifest.txt.sig.negrunch, manifest.txt.sig.arkanoider and manifest.txt are in the current directory) with:
gpg --verify manifest.txt.sig.negrunch manifest.txt
gpg --verify manifest.txt.sig.arkanoider manifest.txt
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 1E41631D137BA2ADE55344F73852B843679AD6F0
gpg: Good signature from "Francisco Calderón <fjcalderon@gmail.com>" [ultimate]
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 2E986CA1C5E7EA1635CD059C4989CC7415A43AEC
gpg: Good signature from "Arkanoider <github.913zc@simplelogin.com>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
What's Changed in v0.15.3
🚀 Features
- implement AddBondInvoice action by @grunch
🐛 Bug Fixes
- pin newest info event and require a bolt11 reply by @grunch
- only treat wait timeout as a successful submission by @grunch
💼 Other
- Update CHANGELOG for version 0.15.3 by @grunch
- feat(add-bond-invoice): implement AddBondInvoice action by @grunch in #169
📚 Documentation
- use short flags in the reply hint by @grunch
⚙️ Miscellaneous Tasks
- Release mostro-cli version 0.15.3 by @grunch
Contributors
- @grunch made their contribution
Full Changelog: v0.15.2...v0.15.3
Release v0.15.2
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/negrunch.asc | gpg --import
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/arkanoider.asc | gpg --importOnce you have the required PGP keys, you can verify the release (assuming manifest.txt.sig.negrunch, manifest.txt.sig.arkanoider and manifest.txt are in the current directory) with:
gpg --verify manifest.txt.sig.negrunch manifest.txt
gpg --verify manifest.txt.sig.arkanoider manifest.txt
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 1E41631D137BA2ADE55344F73852B843679AD6F0
gpg: Good signature from "Francisco Calderón <fjcalderon@gmail.com>" [ultimate]
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 2E986CA1C5E7EA1635CD059C4989CC7415A43AEC
gpg: Good signature from "Arkanoider <github.913zc@simplelogin.com>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
What's Changed in v0.15.2
🐛 Bug Fixes
- use NOSTR_DISPUTE_EVENT_KIND for dispute filter by @grunch
💼 Other
- Update CHANGELOG for version 0.15.2 by @grunch
- fix(listdisputes): use NOSTR_DISPUTE_EVENT_KIND for dispute filter by @grunch in #168
- Update readme by @grunch
⚙️ Miscellaneous Tasks
- Release mostro-cli version 0.15.2 by @grunch
Contributors
- @grunch made their contribution
Full Changelog: v0.15.1...v0.15.2
Release v0.15.1
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/negrunch.asc | gpg --import
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/arkanoider.asc | gpg --importOnce you have the required PGP keys, you can verify the release (assuming manifest.txt.sig.negrunch, manifest.txt.sig.arkanoider and manifest.txt are in the current directory) with:
gpg --verify manifest.txt.sig.negrunch manifest.txt
gpg --verify manifest.txt.sig.arkanoider manifest.txt
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 1E41631D137BA2ADE55344F73852B843679AD6F0
gpg: Good signature from "Francisco Calderón <fjcalderon@gmail.com>" [ultimate]
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 2E986CA1C5E7EA1635CD059C4989CC7415A43AEC
gpg: Good signature from "Arkanoider <github.913zc@simplelogin.com>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
What's Changed in v0.15.1
🚀 Features
- expose BondResolution payload on adm-settle / adm-cancel by @grunch
💼 Other
- Update CHANGELOG for version 0.15.1 by @grunch
- feat(admin): expose BondResolution payload on adm-settle / adm-cancel by @grunch in #167
- bumps mostro-core version by @grunch
⚙️ Miscellaneous Tasks
- Release mostro-cli version 0.15.1 by @grunch
Contributors
- @grunch made their contribution
Full Changelog: v0.15.0...v0.15.1
Release v0.15.0
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/negrunch.asc | gpg --import
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/arkanoider.asc | gpg --importOnce you have the required PGP keys, you can verify the release (assuming manifest.txt.sig.negrunch, manifest.txt.sig.arkanoider and manifest.txt are in the current directory) with:
gpg --verify manifest.txt.sig.negrunch manifest.txt
gpg --verify manifest.txt.sig.arkanoider manifest.txt
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 1E41631D137BA2ADE55344F73852B843679AD6F0
gpg: Good signature from "Francisco Calderón <fjcalderon@gmail.com>" [ultimate]
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 2E986CA1C5E7EA1635CD059C4989CC7415A43AEC
gpg: Good signature from "Arkanoider <github.913zc@simplelogin.com>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
What's Changed in v0.15.0
🚀 Features
- bump mostro-core to 0.11.0 and handle anti-abuse bond flow by @grunch
- feat: by @arkanoider
- feat(getdmuser): show shared-key DMs (identity + admin) in getdmuser - Derive shared key from (trade_keys, identity_keys) and fetch/unwrap gift wraps so DMs sent to the user's identity appear in getdmuser. - Also derive (trade_keys, mostro_pubkey) and fetch so admin replies from the send_admin_dm_attach flow are shown. - Reuse derive_shared_key_bytes from util/messaging (same ECDH as send_admin_dm_attach). No longer use get_all_trade_and_counterparty_keys; counterparty_pubkey is not used in this setup. by @arkanoider
- added a command to send dm with attachment to admin to help disputes solving - added some docs for AI generated code by @arkanoider
🐛 Bug Fixes
- error out on malformed PayBondInvoice payload by @grunch
- fix fmt by @grunch
- scope orders_info request to identity key by @grunch
- sign restore and last-trade-index requests with identity keys by @grunch
- rabbit rants by @arkanoider
- Align DM docs/messages and validate POW env parsing by @arkanoider
- Blossom upload auth and response handling by @arkanoider
- prevent UUID truncation in listorders table by @codaMW
- meaningful error message and unit tests added by @arkanoider
- completed all the paths with new pow management by @arkanoider
- fix for giftwrap with pow creation by @arkanoider
- correct keys used for send_dm command by @arkanoider
💼 Other
- Update CHANGELOG for version 0.15.0 by @grunch
- feat: bump mostro-core to 0.11.0 and handle anti-abuse bond flow by @grunch in #166
- refactor: migrate gift-wrap to mostro-core 0.10 dual identity/trade keys by @grunch in #165
- refactor: migrate gift-wrap to mostro-core 0.9.1 nip59 module by @grunch in #164
- Shared key chat and attachment feature by @grunch in #157
- Remove unused fiat module by @grunch in #162
- Remove unused fiat module by @grunch
- fix(orders): prevent UUID truncation in listorders table by @grunch in #159
- fix for giftwrap with pow creation by @grunch in #161
- docs: add branch protection rules documentation by @grunch in #160
- Improve MOSTRO_PUBKEY resolution and remove startup panic by @grunch in #152
- resolve MOSTRO_PUBKEY from CLI flag or env without panic by @codaMW
🚜 Refactor
- migrate gift-wrap to mostro-core 0.10 dual identity/trade keys by @grunch
- migrate gift-wrap to mostro-core 0.9.1 nip59 module by @grunch
📚 Documentation
- added specifications for direct message and direct message with attachment by @arkanoider
- add branch protection rules
⚙️ Miscellaneous Tasks
- Release mostro-cli version 0.15.0 by @grunch
- typos by @arkanoider
- typo on folder by @arkanoider
Contributors
- @grunch made their contribution
- @arkanoider made their contribution
- @ made their contribution
- @codaMW made their contribution
Full Changelog: v0.14.5...v0.15.0
Release v0.14.5
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/negrunch.asc | gpg --import
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/arkanoider.asc | gpg --importOnce you have the required PGP keys, you can verify the release (assuming manifest.txt.sig.negrunch, manifest.txt.sig.arkanoider and manifest.txt are in the current directory) with:
gpg --verify manifest.txt.sig.negrunch manifest.txt
gpg --verify manifest.txt.sig.arkanoider manifest.txt
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 1E41631D137BA2ADE55344F73852B843679AD6F0
gpg: Good signature from "Francisco Calderón <fjcalderon@gmail.com>" [ultimate]
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 2E986CA1C5E7EA1635CD059C4989CC7415A43AEC
gpg: Good signature from "Arkanoider <github.913zc@simplelogin.com>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
What's Changed in v0.14.5
🚀 Features
- add premium to listorders table by @arkanoider
💼 Other
- Update CHANGELOG for version 0.14.5 by @arkanoider
- Add premium percentage to list orders table by @arkanoider in #155
- Remove ln node requirement from readme by @grunch
- Remove dotenv dependency by @grunch in #150
- Rabbit fixes by @grunch
- Remove dotenv dependency by @grunch
⚙️ Miscellaneous Tasks
- Release mostro-cli version 0.14.5 by @arkanoider
Contributors
- @arkanoider made their contribution
- @grunch made their contribution
Full Changelog: v0.14.4...v0.14.5
Release v0.14.4
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/negrunch.asc | gpg --import
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/arkanoider.asc | gpg --importOnce you have the required PGP keys, you can verify the release (assuming manifest.txt.sig.negrunch, manifest.txt.sig.arkanoider and manifest.txt are in the current directory) with:
gpg --verify manifest.txt.sig.negrunch manifest.txt
gpg --verify manifest.txt.sig.arkanoider manifest.txt
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 1E41631D137BA2ADE55344F73852B843679AD6F0
gpg: Good signature from "Francisco Calderón <fjcalderon@gmail.com>" [ultimate]
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 2E986CA1C5E7EA1635CD059C4989CC7415A43AEC
gpg: Good signature from "Arkanoider <github.913zc@simplelogin.com>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
What's Changed in v0.14.4
🚀 Features
- feat: used helper to get admin key ( if needed ) in all requested functions by @arkanoider
- add admin key display in execute_admin_add_solver command by @AndreaDiazCorreia
- update admin key display message in take_dispute command by @AndreaDiazCorreia
- rename NSEC_PRIVKEY to ADMIN_NSEC for clarity by @AndreaDiazCorreia
- make NSEC_PRIVKEY optional, only required for admin commands by @AndreaDiazCorreia
💼 Other
- Update CHANGELOG for version 0.14.4 by @arkanoider
- refactor: Make ADMIN_NSEC optional and rename from NSEC_PRIVKEY by @arkanoider in #149
🚜 Refactor
- extract admin keys validation into helper function by @AndreaDiazCorreia
⚙️ Miscellaneous Tasks
- Release mostro-cli version 0.14.4 by @arkanoider
Contributors
- @arkanoider made their contribution
- @AndreaDiazCorreia made their contribution
Full Changelog: v0.14.3...v0.14.4
Release v0.14.3
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/negrunch.asc | gpg --import
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/arkanoider.asc | gpg --importOnce you have the required PGP keys, you can verify the release (assuming manifest.txt.sig.negrunch, manifest.txt.sig.arkanoider and manifest.txt are in the current directory) with:
gpg --verify manifest.txt.sig.negrunch manifest.txt
gpg --verify manifest.txt.sig.arkanoider manifest.txt
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 1E41631D137BA2ADE55344F73852B843679AD6F0
gpg: Good signature from "Francisco Calderón <fjcalderon@gmail.com>" [ultimate]
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 2E986CA1C5E7EA1635CD059C4989CC7415A43AEC
gpg: Good signature from "Arkanoider <github.913zc@simplelogin.com>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
What's Changed in v0.14.3
🚀 Features
- committed cargo.toml with changelog.md by @arkanoider
- added local changelog.md file creation with cargo release by @arkanoider
🐛 Bug Fixes
- correct receiver of restore session message by @arkanoider
Contributors
- @arkanoider made their contribution
Full Changelog: v0.14.2...v0.14.3
Release v0.14.2
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/negrunch.asc | gpg --import
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/arkanoider.asc | gpg --importOnce you have the required PGP keys, you can verify the release (assuming manifest.txt.sig.negrunch, manifest.txt.sig.arkanoider and manifest.txt are in the current directory) with:
gpg --verify manifest.txt.sig.negrunch manifest.txt
gpg --verify manifest.txt.sig.arkanoider manifest.txt
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 1E41631D137BA2ADE55344F73852B843679AD6F0
gpg: Good signature from "Francisco Calderón <fjcalderon@gmail.com>" [ultimate]
gpg: Signature made fri 10 oct 2025 11:28:03 -03
gpg: using RSA key 2E986CA1C5E7EA1635CD059C4989CC7415A43AEC
gpg: Good signature from "Arkanoider <github.913zc@simplelogin.com>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
What's Changed in v0.14.2
🚀 Features
- automatic update of child order in database when a range sale order is completed, no more errors on next flow. Still a bit trickier the buy range order thing by @arkanoider
- big refactor in all the cosmetics of mostro-cli interface with user by @arkanoider
- feat: beautified lot of terminal output (thanks cursor!) by @arkanoider
🐛 Bug Fixes
- fixed from field in getdm command by @arkanoider
- removed one test related to HOME folder by @arkanoider
- clippy in gh actions fixes by @arkanoider
- tests now are ok fixed docs of code coverage by @arkanoider
- fix test for gh actions by @arkanoider
💼 Other
- Beautified lot of terminal output by @arkanoider in #146
- Merge commit 'a0aaaad2041709b1784cddb1b92b0e90450ad903' into terminal-beautify by @arkanoider
- Fix clippy errors by @grunch
- Merge commit '2a6d88f82ad5ebf59a2414be81cd8e819c5c3e6f' into terminal-beautify by @arkanoider
- Fix race condition by @grunch
- Adjust text to fir smaller screens by @grunch
- CodeRabbit Generated Unit Tests: Add 78 unit tests and comprehensive test documentation by @arkanoider in #147
- CodeRabbit Generated Unit Tests: Add 78 unit tests and comprehensive test documentation by @coderabbitai[bot]
⚙️ Miscellaneous Tasks
- Release mostro-cli version 0.14.2 by @arkanoider
- added arkanoide signature in manifest of releases by @arkanoider
- removed typo by @arkanoider
- fix fmt by @arkanoider
- some fixes on logs and added a check on take dispute to verify sender of the answer is mostro by @arkanoider
- fixed typo by @arkanoider
- typo on test number by @arkanoider
- fix fmt checks by @arkanoider
- fix in cargo.toml to remove openssl by @arkanoider
Contributors
- @arkanoider made their contribution
- @grunch made their contribution
- @coderabbitai[bot] made their contribution
Full Changelog: v0.14.1...v0.14.2
Release v0.14.1
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/MostroP2P/mostro/main/keys/negrunch.asc | gpg --importOnce you have the required PGP keys, you can verify the release (assuming manifest.txt.sig and manifest.txt are in the current directory) with:
gpg --verify manifest.txt.sig manifest.txt
gpg: Firmado el jue 03 ago 2023 15:07:05 -03
gpg: usando RSA clave 1E41631D137BA2ADE55344F73852B843679AD6F0
gpg: Firma correcta de "Francisco Calderón <fjcalderon@gmail.com>" [absoluta]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
What's Changed in v0.14.1
🐛 Bug Fixes
- reverted a rabbit fix for the moment to avoid breaking change by @arkanoider
⚙️ Miscellaneous Tasks
- Release mostro-cli version 0.14.1 by @arkanoider
Contributors
- @arkanoider made their contribution
Full Changelog: v0.14.0...v0.14.1