Verifying Signed Binaries#
K0smotron team provides signed binaries for k0s. The signatures are created using cosign.
Public key and signature files are available for download from the releases page.
Binaries can be verified using the cosign
tool, for example:
cosign verify-blob \
--key https://github.com/k0sproject/k0s/releases/download/v1.31.3%2Bk0s.0/cosign.pub \
--signature https://github.com/k0sproject/k0s/releases/download/v1.31.3%2Bk0s.0/k0s-v1.31.3+k0s.0-amd64.sig \
--payload k0s-v1.31.3+k0s.0-amd64