a117582d8c
* build: use nix flake Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com> * docs: fmt --------- Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
3.4 KiB
Install
You can install the pre-compiled binary (in several ways), use Docker or compile from source.
Bellow you can find the steps for each of them.
Install the pre-compiled binary
homebrew tap
brew install goreleaser/tap/nfpm
homebrew
brew install nfpm
!!! info
The [formula in homebrew-core](https://github.com/Homebrew/homebrew-core/blob/master/Formula/n/nfpm.rb) might be slightly outdated.
Use our homebrew tap to always get the latest updates.
scoop
scoop bucket add goreleaser https://github.com/goreleaser/scoop-bucket.git
scoop install nfpm
apt
echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | sudo tee /etc/apt/sources.list.d/goreleaser.list
sudo apt update
sudo apt install nfpm
yum
echo '[goreleaser]
name=GoReleaser
baseurl=https://repo.goreleaser.com/yum/
enabled=1
gpgcheck=0' | sudo tee /etc/yum.repos.d/goreleaser.repo
sudo yum install nfpm
deb, apk and rpm packages
Download the .deb, .rpm or .apk from the releases page and
install them with the appropriate tools.
go install
go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest
manually
Download the pre-compiled binaries from the releases page and copy them to the desired location.
Verifying the artifacts
binaries
All artifacts are checksummed, and the checksum is signed with cosign.
-
Download the files you want, the
checksums.txtandchecksums.txt.sigfiles from the releases page:wget 'https://github.com/goreleaser/nfpm/releases/download/__VERSION__/checksums.txt' -
Verify the signature:
cosign verify-blob \ --certificate-identity 'https://github.com/goreleaser/nfpm/.github/workflows/release.yml@refs/tags/__VERSION__' \ --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \ --signature 'https://github.com/goreleaser/nfpm/releases/download/__VERSION__/checksums.txt.sig' \ --cert 'https://github.com/goreleaser/nfpm/releases/download/__VERSION__/checksums.txt.pem' \ checksums.txt -
If the signature is valid, you can then verify the SHA256 sums match with the downloaded binary:
sha256sum --ignore-missing -c checksums.txt
docker images
Our Docker images are signed with cosign.
Verify the signature:
cosign verify goreleaser/nfpm
cosign verify ghcr.io/goreleaser/nfpm
Running with Docker
You can also use it within a Docker container. To do that, you'll need to execute something more-or-less like the following:
docker run --rm -v $PWD:/tmp -w /tmp goreleaser/nfpm package \
--config /tmp/pkg/foo.yml \
--target /tmp \
--packager deb
Packaging status
Compiling from source
Here you have two options:
If you want to contribute to the project, please follow the steps on our contributing guide.
If you just want to build from source for whatever reason, follow these steps:
clone:
git clone https://github.com/goreleaser/nfpm
cd nfpm
get the dependencies:
go mod tidy
build:
go build -o nfpm ./cmd/nfpm
verify it works:
./nfpm --version