Release Verification

This page covers release-side offline verification for published InvarLock artifacts. It does not describe proof-pack verification. Proof packs remain the mechanism for evaluation evidence; release bundles cover wheels, source tarballs, and supply-chain metadata attached to GitHub Releases.

What a tagged release contains

Tagged GitHub Releases publish:

  • distribution artifacts (*.whl, *.tar.gz)
  • Sigstore sidecars for those distributions
  • a CycloneDX SBOM
  • the GitHub build-provenance bundle captured during release publishing
  • invarlock-<version>-offline-bundle.tar.gz

The offline bundle is a convenience archive for procurement and security review. It groups the release materials that would otherwise be downloaded separately.

Offline bundle contents

The offline bundle is generated by scripts/release/make_offline_bundle.sh and contains:

  • dist/ with the published wheel/sdist and their Sigstore sidecars
  • provenance/ with the GitHub provenance bundle
  • invarlock-<version>-sbom.cdx.json
  • release_manifest.json
  • public_key_hints.txt
  • README.txt

The bundle tarball itself is also Sigstore-signed during the release workflow.

Verification steps

  1. Verify the offline bundle tarball itself with its Sigstore sidecar.
  2. Extract the archive.
  3. Compare distribution hashes in release_manifest.json against the files in dist/.
  4. Verify each distribution artifact with its corresponding *.sigstore.json bundle and the expected GitHub tag identity.
  5. Review provenance/ for the GitHub build-provenance attestation.
  6. Review invarlock-<version>-sbom.cdx.json with an offline CycloneDX-capable scanner.

Example for one distribution artifact. cosign matches the identity against the SAN of the Fulcio signing certificate, which for GitHub Actions keyless signing is the workflow URL rather than the repo:<owner>/<repo> OIDC subject; the regexp form below pins repository and tag without hard-coding the release workflow file name:

cosign verify-blob dist/invarlock-<version>-py3-none-any.whl \
  --bundle dist/invarlock-<version>-py3-none-any.whl.sigstore.json \
  --certificate-identity-regexp "^https://github.com/invarlock/invarlock/\.github/workflows/.+@refs/tags/v<version>$" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
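The following is an added example (not InvarLock project code) that carries out steps 3 and 4 of the procedure above over an extracted bundle: it compares release_manifest.json hashes with the files in dist/, flags distributions the manifest does not list, and builds the tag-pinned cosign verify-blob invocation for each artifact. The manifest schema ({"artifacts": [{"name", "sha256"}]}) and the make_sample_bundle fixture are assumptions for illustration; check the real manifest keys before use.

```python
"""Offline checks for an extracted InvarLock offline bundle (added example, not project
code). Assumed manifest schema: {"artifacts": [{"name": ..., "sha256": ...}]}, names relative to dist/."""
import hashlib
import json
from pathlib import Path

ISSUER = "https://token.actions.githubusercontent.com"

def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def check_manifest(bundle: Path) -> dict:
    """Step 3: manifest hashes vs. dist/. Distributions in dist/ that the manifest
    does not list are reported as well, since the manifest vouches for nothing there."""
    manifest = json.loads((bundle / "release_manifest.json").read_text())
    dist = bundle / "dist"
    out = {"ok": [], "mismatch": [], "missing": []}
    for entry in manifest["artifacts"]:
        name, path = entry["name"], dist / entry["name"]
        if not path.is_file():
            out["missing"].append(name)
        elif sha256_file(path) != entry["sha256"].lower():
            out["mismatch"].append(name)
        else:
            out["ok"].append(name)
    listed = {e["name"] for e in manifest["artifacts"]}
    out["unlisted"] = sorted(p.name for p in dist.iterdir()
                             if p.name.endswith((".whl", ".tar.gz")) and p.name not in listed)
    return out

def cosign_cmd(artifact: Path, repo: str, version: str) -> list:
    """Step 4: argv for cosign verify-blob pinned to the release tag. The identity is the
    Fulcio certificate SAN (the GitHub Actions workflow URL); the regexp fixes repo and tag."""
    ident = rf"^https://github.com/{repo}/\.github/workflows/.+@refs/tags/v{version}$"
    return ["cosign", "verify-blob", str(artifact), "--bundle", f"{artifact}.sigstore.json",
            "--certificate-identity-regexp", ident, "--certificate-oidc-issuer", ISSUER]

def make_sample_bundle(root: Path, tamper: bool = False) -> Path:
    """Constructed fixture: one fake wheel with a manifest entry, plus an unlisted sdist."""
    (root / "dist").mkdir(parents=True, exist_ok=True)
    wheel = root / "dist" / "invarlock-0.0.0-py3-none-any.whl"
    wheel.write_bytes(b"constructed wheel bytes")
    manifest = {"artifacts": [{"name": wheel.name, "sha256": sha256_file(wheel)}]}
    (root / "release_manifest.json").write_text(json.dumps(manifest))
    if tamper:  # modify the wheel after the manifest was written
        wheel.write_bytes(b"constructed wheel bytes, modified")
    (root / "dist" / "invarlock-0.0.0.tar.gz").write_bytes(b"constructed sdist, not in manifest")
    return root
```

Any non-empty mismatch, missing or unlisted list means the bundle should be rejected before cosign is even run; the cosign invocation itself needs the cosign binary and the Sigstore trust root available offline.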

Notes

  • Release verification and proof-pack verification are intentionally separate.
  • Proof packs use a signed manifest.json, checksums.sha256 and invarlock proof-pack verify (repository workflows may still use verify_pack.sh).
  • Release bundles use Sigstore-signed distribution artifacts plus the GitHub provenance bundle and release manifest.
  • GPG detached signatures are not currently part of the release offline bundle.