Releases: lunal-dev/kettle
v0.1.1
The security of reproducible builds, without having to constantly rewrite your build system to ensure every build is byte-for-byte identical.
Use Kettle to create and verify attested builds, binaries with cryptographic signatures showing exactly what source code, dependencies, and toolchains were used to create them.
Kettle uses Trusted Execution Environments to sign builds using hardware attestation, which means builds can be verified using hardware certificates published by Intel and AMD, cryptographically linking binaries to the exact source used to create them.
For a full tour of Kettle's design, architecture, and security guarantees, read our guide to attested builds.
- What are Attested Builds?
- How Attested Builds Work
- Provenance and Standards
- Threat Model and Security Boundaries
Install kettle 0.1.1
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/lunal-dev/kettle/releases/download/v0.1.1/kettle-installer.sh | sh
Download kettle 0.1.1
The build named tee-kettle is built against libtss2, and is able to attest builds when run inside a TEE with SNP, SEV, or TDX. The other platforms are able to create builds and verify attestations, but cannot create attestations themselves.
| File | Platform | Checksum |
|---|---|---|
| tee-kettle-x86_64-unknown-linux-gnu.tar.xz | x64 Linux | checksum |
| kettle-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
| kettle-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
| kettle-aarch64-unknown-linux-gnu.tar.xz | ARM64 Linux | checksum |
| kettle-x86_64-unknown-linux-gnu.tar.xz | x64 Linux | checksum |
| kettle-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Download example attested builds
The example attested builds can be verified by downloading, decompressing, and then running kettle verify <directory>.
| File | Project | Checksum |
|---|---|---|
| alejandra-build.tar.gz | kamadorueda/alejandra | checksum |
| ripgrep-build.tar.gz | burntsushi/ripgrep | checksum |
Version 0.1.0
The attested build of Kettle zipped and attached to this release can be verified using Kettle. Just download, unzip, and run kettle verify kettle-attested.