This document explains how to verify official Nomos release artifacts.
It is also the canonical reference for the current supply-chain trust model.
Nomos release assets are signed with Sigstore keyless signing.
Verification trust root:
- Fulcio-issued signing certificate
- Rekor transparency log inclusion
- GitHub Actions OIDC identity for the Nomos release workflow
Expected signer identity:
- workflow:
.github/workflows/release.yml - repository:
safe-agentic-world/nomos - OIDC issuer:
https://token.actions.githubusercontent.com
At minimum, each official release publishes:
nomos-linux-amd64.tar.gznomos-linux-arm64.tar.gznomos-darwin-amd64.tar.gznomos-darwin-arm64.tar.gznomos-windows-amd64.zipnomos-windows-arm64.zipnomos-checksums.txtnomos-sbom.spdx.jsonnomos-provenance.intoto.jsonl
Each signed asset also has:
<asset>.sig<asset>.pem
Current note:
- the official release workflow publishes signed archives and signed metadata files
- the official release workflow does not publish container images, so image signature verification is not part of the current release path
Current release model:
- Sigstore keyless signing with Fulcio + Rekor
- SPDX JSON SBOM artifact:
nomos-sbom.spdx.json - in-toto provenance artifact:
nomos-provenance.intoto.jsonl - provenance predicate alignment:
https://slsa.dev/provenance/v1
Trust boundary note:
- binary/archive trust and policy-bundle trust are separate
- policy bundle trust remains separate from binary trust
cosigninstalled locally- the downloaded release assets in one directory
Before cryptographic verification, confirm these files are present:
nomos-checksums.txtnomos-checksums.txt.signomos-checksums.txt.pemnomos-sbom.spdx.jsonnomos-sbom.spdx.json.signomos-sbom.spdx.json.pemnomos-provenance.intoto.jsonlnomos-provenance.intoto.jsonl.signomos-provenance.intoto.jsonl.pem
If any required file is missing, verification has failed and the release should be treated as untrusted.
cosign verify-blob \
--certificate-identity-regexp 'https://github.com/safe-agentic-world/nomos/.github/workflows/release.yml@.*' \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--signature nomos-checksums.txt.sig \
--certificate nomos-checksums.txt.pem \
nomos-checksums.txtThen verify the target archive against the published checksum list:
sha256sum -c nomos-checksums.txt --ignore-missingExample:
cosign verify-blob \
--certificate-identity-regexp 'https://github.com/safe-agentic-world/nomos/.github/workflows/release.yml@.*' \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--signature nomos-linux-amd64.tar.gz.sig \
--certificate nomos-linux-amd64.tar.gz.pem \
nomos-linux-amd64.tar.gzSBOM:
cosign verify-blob \
--certificate-identity-regexp 'https://github.com/safe-agentic-world/nomos/.github/workflows/release.yml@.*' \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--signature nomos-sbom.spdx.json.sig \
--certificate nomos-sbom.spdx.json.pem \
nomos-sbom.spdx.jsonProvenance:
cosign verify-blob \
--certificate-identity-regexp 'https://github.com/safe-agentic-world/nomos/.github/workflows/release.yml@.*' \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--signature nomos-provenance.intoto.jsonl.sig \
--certificate nomos-provenance.intoto.jsonl.pem \
nomos-provenance.intoto.jsonlTreat verification as failed if:
- any expected artifact is missing
cosign verify-blobreturns a non-zero exit code- the certificate identity does not match the expected release workflow
- the OIDC issuer is not
https://token.actions.githubusercontent.com - the archive digest does not match
nomos-checksums.txt
An invalid signature or missing artifact means the release cannot be trusted as an official Nomos release.
Release verification answers:
- "Is this Nomos binary or archive an authentic official build?"
It does not answer:
- "Is the policy bundle loaded by this runtime trusted?"
Policy bundles remain a separate trust domain and should be verified with Nomos policy bundle verification controls (policy.verify_signatures) where enabled.