Download
Latest release: 1.0.0
See the release page for signed, prebuilt binaries and other downloads for this release. Our source code is maintained on GitHub.
or
Install with Cargo:
cargo install --locked zakura
Builds Zakura from the published source with your own Rust toolchain.
Release signing key
Each release's SHA256SUMS.txt is signed by the Zakura lead maintainer with minisign. The public key is:
RWTZkHOmfhxdQf43RZJyOawUNvMSlbPH539O9Y2Sir/ZHTihqnSO1RZn
Installing with Cargo
The recommended way to install Zakura is from crates.io with Cargo, Rust's package manager:
cargo install --locked zakura
This fetches the latest release's published source and builds it with your own Rust toolchain, with --locked pinning the dependency versions the release was tested with. If you don't have a Rust toolchain, install Rust first.
Release binaries
If you would rather not build from source, each release also publishes prebuilt binaries, alongside a source tarball, on GitHub. Official Docker images are published on Docker Hub as zakuracore/zakura. Additional distribution channels, such as BitTorrent, are planned for later. crates.io, the GitHub releases page, and that Docker Hub repository are the only official distribution channels: a Zakura binary or package offered anywhere else is not from this project.
Verifying releases
Each release's SHA256SUMS.txt is signed by the Zakura lead maintainer with minisign, using the public key published at the top of this page, and every release asset carries a GitHub artifact attestation providing evidence that it was built, unmodified, by the repository's CI. The repository's VERIFY.md is the authoritative guide; in brief, with the GitHub CLI and minisign installed, verifying the latest release is:
gh release download -R zakura-core/zakura
minisign -Vm SHA256SUMS.txt -P RWTZkHOmfhxdQf43RZJyOawUNvMSlbPH539O9Y2Sir/ZHTihqnSO1RZn
sha256sum -c --ignore-missing SHA256SUMS.txt # macOS: shasum -a 256 -c --ignore-missing SHA256SUMS.txt
gh attestation verify <binary> --repo zakura-core/zakura
Expect a verified signature with a trusted comment naming the release tag, OK for each binary you downloaded, and a passing attestation. If any check fails, delete the download and report it.
The Docker images are not yet signed: verify the binary archives instead, or build images from source.
Building from source
Beyond cargo install, you can build Zakura directly from the source code on GitHub; see the repository README for build instructions.