From f3517d2e4b7f6acb537358962d91c48fa4e49704 Mon Sep 17 00:00:00 2001 From: Mark Qvist Date: Thu, 28 May 2026 17:55:40 +0200 Subject: [PATCH] Prepare release --- Changelog.md | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/Changelog.md b/Changelog.md index beaeac48..964e4158 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,44 @@ +### 2026-05-28: RNS 1.3.2 + +This release adds commit signing and validation support to the `rngit` system, as well as improvements to the blackhole functionality. + +**Changes** +- Extended blackhole functionality to immediately terminate links from blackholed identities +- Added commit signing and validation to `rngit` +- Added commit hash inclusion in generated release manifest to `rngit` +- Added local `verify` operation shorthand to `rngit release` +- Added option to configure blackhole update interval +- Added configuration option to log without timestamps + +**Verified Retrieval** +You can retrieve and verify this release over Reticulum using the built-in `rngit release` utility. To retrieve only the installation `.whl` package, and the release manifest for future updates, you can use: + +```sh +rngit release rns://7649a50d84610232d1416b41d2896aff/reticulum/reticulum fetch "latest:rns-*.whl" --signer bc7291552be7a58f361522990465165c +``` + +To download all artifacts, including the documentation and source archive, you can use the following command: + +```sh +rngit release rns://7649a50d84610232d1416b41d2896aff/reticulum/reticulum fetch latest:all --signer bc7291552be7a58f361522990465165c +``` + +**Release Signatures** +Release artifacts include a signed `rsm` release manifest and `rsg` signature files that can be validated against the RNS release signing identity `` using `rngit` or `rnid`. To perform an offline verification of all release artifacts using a manifest: + +```sh +rngit release rns_*.rsm verify --signer bc7291552be7a58f361522990465165c +``` + +To verify release artifacts using individual `rsg` files, while also verifying the manifest itself, download the `rsm` and `rsg` signatures, make sure they are in the same folder as the release artifact, and run `rnid` signature verification with the release identity as the required signer: + +```sh +rnid -i bc7291552be7a58f361522990465165c -V rns_*.rsm *.rsg +``` + +The `rnid` utility will then verify the signatures, and display whether they are valid. If the signature cannot be verified, the release has been tampered with and should be discarded. + + ### 2026-05-22: RNS 1.3.1 This maintenance release fixes a single bug.