Download

Latest release: 1.0.0

See the release page for signed, prebuilt binaries and other downloads for this release. Our source code is maintained on GitHub.

or

Install with Cargo:

cargo install --locked zakura

Builds Zakura from the published source with your own Rust toolchain.

Release signing key

Each release's SHA256SUMS.txt is signed by the Zakura lead maintainer with minisign. The public key is:

RWTZkHOmfhxdQf43RZJyOawUNvMSlbPH539O9Y2Sir/ZHTihqnSO1RZn

Installing with Cargo

The recommended way to install Zakura is from crates.io with Cargo, Rust's package manager:

cargo install --locked zakura

This fetches the latest release's published source and builds it with your own Rust toolchain, with --locked pinning the dependency versions the release was tested with. If you don't have a Rust toolchain, install Rust first.

Release binaries

If you would rather not build from source, each release also publishes prebuilt binaries, alongside a source tarball, on GitHub. Official Docker images are published on Docker Hub as zakuracore/zakura. Additional distribution channels, such as BitTorrent, are planned for later. crates.io, the GitHub releases page, and that Docker Hub repository are the only official distribution channels: a Zakura binary or package offered anywhere else is not from this project.

Verifying releases

Each release's SHA256SUMS.txt is signed by the Zakura lead maintainer with minisign, using the public key published at the top of this page, and every release asset carries a GitHub artifact attestation providing evidence that it was built, unmodified, by the repository's CI. The repository's VERIFY.md is the authoritative guide; in brief, with the GitHub CLI and minisign installed, verifying the latest release is:

gh release download -R zakura-core/zakura
minisign -Vm SHA256SUMS.txt -P RWTZkHOmfhxdQf43RZJyOawUNvMSlbPH539O9Y2Sir/ZHTihqnSO1RZn
sha256sum -c --ignore-missing SHA256SUMS.txt   # macOS: shasum -a 256 -c --ignore-missing SHA256SUMS.txt
gh attestation verify <binary> --repo zakura-core/zakura

Expect a verified signature with a trusted comment naming the release tag, OK for each binary you downloaded, and a passing attestation. If any check fails, delete the download and report it.

The Docker images are not yet signed: verify the binary archives instead, or build images from source.

Building from source

Beyond cargo install, you can build Zakura directly from the source code on GitHub; see the repository README for build instructions.