This document provides guidance on verifying the authenticity of Azure Quick Review (azqr) binaries.
Each release includes SHA256 checksums. Verify your download:
# Download and run the verification script
curl -sL https://raw.githubusercontent.com/Azure/azqr/main/scripts/verify-checksum.sh -o verify-checksum.sh
chmod +x verify-checksum.sh
./verify-checksum.sh 2.7.3 win-amd64# Download the checksum file
curl -sL https://github.com/Azure/azqr/releases/download/v.<version>/azqr-win-amd64.zip.sha256 -o azqr-win-amd64.zip.sha256
# Verify the checksum (Windows)
CertUtil -hashfile azqr-win-amd64.zip SHA256
# Verify the checksum (Linux/macOS)
sha256sum -c azqr-win-amd64.zip.sha256Only download from the official GitHub releases page.
Check that the release is signed by Azure/azqr maintainers on GitHub.
All binaries are built using GitHub Actions with:
- Reproducible build environment
- Pinned dependencies
- Public build logs
- Automated testing
You can verify the build process by:
- Checking the build workflow
- Reviewing the build logs
- Comparing source code with the tagged release