Installation
With curl
Section titled “With curl”You can install Bumper by running the following command in your terminal:
curl -fsSL https://bumper.disintegrator.dev/install.sh | shWith go
Section titled “With go”go install github.com/disintegrator/bumper/cmd/bumper@latestWith mise
Section titled “With mise”mise use github:disintegrator/bumper@0.0.6APK, Debian and RPM packages
Section titled “APK, Debian and RPM packages”You can find pre-built packages for various Linux distributions on the Releases page. These can all be verified using cosign by following the steps in the next section.
Manually and verify with cosign
Section titled “Manually and verify with cosign”All release artifacts are signed using cosign with keyless signing. You can verify the authenticity of the downloaded binaries by checking the signature against the checksums file.
First, download the checksums file and its signature:
VERSION=0.0.6BASE_URL="https://github.com/disintegrator/bumper/releases/download/v$VERSION"curl -fsSLO "$BASE_URL/checksums.txt"curl -fsSLO "$BASE_URL/checksums.txt.pem"curl -fsSLO "$BASE_URL/checksums.txt.keyless.sig"curl -fsSLO "$BASE_URL/bumper_$VERSION_darwin_arm64.tar.gz"Verify the checksums file with cosign:
cosign verify-blob checksums.txt \ --certificate checksums.txt.pem \ --signature checksums.txt.keyless.sig \ --certificate-identity 'https://github.com/disintegrator/bumper/.github/workflows/release.yaml@refs/heads/main' \ --certificate-oidc-issuer 'https://token.actions.githubusercontent.com'Verify your downloaded artifact or installed binary matches the checksum:
sha256sum --check checksums.txt --ignore-missingFinally, extract the binary and move it to your PATH:
tar -xzf bumper_0.0.6_darwin_arm64.tar.gzmv bumper /usr/local/bin/bumper