Release Verify
Consumer-side recipe for verifying Datarim releases — sha256 → cosign verify-blob → gh attestation verify. Load on install/update from GitHub Release.
Overview
Datarim releases are published from Arcanada-one/datarim via release.yml and signed with Sigstore cosign keyless (GitHub OIDC), accompanied by a CycloneDX SBOM and SLSA L2 build provenance attestation. Never install a tarball without verifying the signature. This skill is the entry point for AI agents and operators consuming Datarim releases — canonical source: docs/release-verification.md.
When To Use
- User says "install Datarim", "update to v*", "download latest release".
- User asks "how to verify the tarball", "what is a cosign bundle", "why sha256 if signature exists".
- Any instruction involving `gh release download Arcanada-one/datarim` or equivalent.
- Before running any install script from a release tarball.
Not loaded for git checkout / git pull working copies — those are verified via git commit signing (separate policy).
What Ships per Release
- `datarim-<TAG>-source.tar.gz` — source archive (`git archive HEAD`, prefix `datarim-<TAG>/`).
- `datarim-<TAG>-source.tar.gz.sha256` — SHA-256 checksum.
- `datarim-<TAG>-source.tar.gz.cosign.bundle` — cosign signature bundle (cert + signature + Rekor inclusion proof).
- `datarim-<TAG>-sbom.cdx.json` — CycloneDX SBOM.
- `datarim-<TAG>-sbom.cdx.json.cosign.bundle` — cosign signature on SBOM.
- GitHub attestation (server-side) — SLSA L2 build provenance, via `gh attestation verify`.
Prerequisites
- `cosign` ≥ 3.0
- `gh` ≥ 2.40 (for `gh attestation verify`)
- `sha256sum`, `jq` (POSIX)
Verify Recipe (5 steps, all must exit 0)
```bash
TAG=v1.21.3 # replace with the release being verified

# 1. Download all release artifacts.
gh release download "$TAG" --repo Arcanada-one/datarim

# 2. Verify tarball integrity via checksum.
sha256sum -c "datarim-${TAG}-source.tar.gz.sha256"

# 3. Verify cosign signature on tarball.
cosign verify-blob \
  --bundle "datarim-${TAG}-source.tar.gz.cosign.bundle" \
  --certificate-identity "https://github.com/Arcanada-one/datarim/.github/workflows/release.yml@refs/tags/${TAG}" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  "datarim-${TAG}-source.tar.gz"

# 4. Verify cosign signature on SBOM (same identity binding).
cosign verify-blob \
  --bundle "datarim-${TAG}-sbom.cdx.json.cosign.bundle" \
  --certificate-identity "https://github.com/Arcanada-one/datarim/.github/workflows/release.yml@refs/tags/${TAG}" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  "datarim-${TAG}-sbom.cdx.json"

# 5. Verify SLSA build provenance.
gh attestation verify "datarim-${TAG}-source.tar.gz" --repo Arcanada-one/datarim
```
Any non-zero exit → artifact is untrusted; do not deploy.
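The recipe above is five independent commands; an agent that runs them one at a time can forget a step or continue past a failure. The wrapper below is an added example, not part of the Datarim project or its canonical docs. It assumes the artifact names, repository and `release.yml` identity stated on this page, pins the certificate identity to `refs/tags/<TAG>` (so a branch name or bare ref is refused before any network call), and fails closed on the first non-zero exit. The helper names (`valid_tag`, `expected_identity`, `check_sha256`, `verify_release`) are this example's own. It also adds one check the plain recipe lacks: the `.sha256` file must actually name the tarball being verified, since `sha256sum -c` would happily exit 0 on a checksum file that lists some other file.

```sh
#!/bin/sh
# Added example (not Datarim's own code): fail-closed wrapper around the
# five-step release verification recipe. POSIX sh; needs gh, cosign and
# sha256sum on PATH only when verify_release is actually invoked.
set -eu

REPO="Arcanada-one/datarim"                              # from the page
OIDC_ISSUER="https://token.actions.githubusercontent.com"  # from the page

# Release tags look like v1.21.3. Anything else (a branch, a commit SHA) is
# rejected so the certificate identity is always pinned to refs/tags/<TAG>.
valid_tag() {
  case "$1" in
    v[0-9]*.[0-9]*.[0-9]*) return 0 ;;
    *) return 1 ;;
  esac
}

# The exact signer identity release.yml assumes when it runs on this tag.
expected_identity() {
  printf 'https://github.com/%s/.github/workflows/release.yml@refs/tags/%s\n' "$REPO" "$1"
}

# Step 2, hardened: the .sha256 must list the tarball we expect (plain or
# "*binary" form), and every line in it must verify. Run from the directory
# that holds both files, as sha256sum resolves names relative to cwd.
check_sha256() {
  tarball="$1"; sumfile="$2"
  awk -v f="$tarball" '$2 == f || $2 == ("*" f) { found = 1 } END { exit !found }' "$sumfile" || return 1
  sha256sum -c --strict --quiet "$sumfile"
}

# All five steps in order; returns non-zero as soon as any step fails.
verify_release() {
  tag="$1"
  valid_tag "$tag" || { echo "refusing to verify non-release ref: $tag" >&2; return 1; }
  for tool in gh cosign sha256sum; do
    command -v "$tool" >/dev/null 2>&1 || { echo "missing tool: $tool" >&2; return 1; }
  done
  identity="$(expected_identity "$tag")"
  tarball="datarim-${tag}-source.tar.gz"
  sbom="datarim-${tag}-sbom.cdx.json"
  (
    set -e                       # any failure below ends the subshell non-zero
    cd "$(mktemp -d)"            # fresh scratch dir; nothing pre-existing to confuse sha256sum -c
    # 1. Download all release artifacts.
    gh release download "$tag" --repo "$REPO"
    # 2. Checksum, with the filename check from check_sha256.
    check_sha256 "$tarball" "$tarball.sha256"
    # 3 + 4. Signatures on tarball and SBOM, pinned to the workflow identity on this tag.
    for f in "$tarball" "$sbom"; do
      cosign verify-blob \
        --bundle "$f.cosign.bundle" \
        --certificate-identity "$identity" \
        --certificate-oidc-issuer "$OIDC_ISSUER" \
        "$f"
    done
    # 5. SLSA build provenance.
    gh attestation verify "$tarball" --repo "$REPO"
    echo "verified: $tarball (cwd $(pwd))"
  )
}

# Usage: sh verify.sh v1.21.3
if [ $# -gt 0 ]; then
  verify_release "$1"
fi
```

Only `verify_release` touches the network; the three helpers can be exercised offline, which is how the tag pinning and the checksum filename check were tested here with a constructed tarball.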
What Each Step Proves
- `sha256sum -c` — integrity. Tarball is undamaged in transit.
- `cosign verify-blob` (tarball) — authenticity. The tarball was produced by `release.yml` on this exact tag in `Arcanada-one/datarim`. Signature anchored in the Sigstore Rekor public transparency log.
- `cosign verify-blob` (SBOM) — SBOM produced by the same workflow run as the tarball.
- `gh attestation verify` — SLSA L2 build provenance: artifact built on GitHub-hosted runners from source at this tag.
`cosign verify-blob` is the step that binds the tarball to its build origin. SHA-256 alone proves nothing — an attacker who can replace the archive can replace the `.sha256` file alongside it.
Counter-Examples (do not do this)
- Pipe-to-tar without signature check — `curl … | tar -xz` bypasses cryptographic verification entirely.
- Checksum-only verification — `sha256sum -c` alone proves nothing if the `.sha256` file is also forged.
- Cosign without `--certificate-identity` — accepts any signer from the OIDC issuer; any subject can mint a cert and sign an arbitrary tarball.
Reporting Verification Failures
If `cosign verify-blob` or `gh attestation verify` fails on an official release tag — do not install. Open an issue at https://github.com/Arcanada-one/datarim/issues with the tag, command, and output. This is a potential supply-chain incident.
When It's Used
Loaded by AI agents and operators consuming Datarim releases. Referenced from CLAUDE.md § Security Mandate § S4 (Supply Chain). At divergence with docs/release-verification.md, the canonical doc wins; update this skill to match.