chore: update docs for release v2.1.0

README.md

@@ -123,7 +123,7 @@ You have two options to install the verifier.
 
 If you want to install the verifier, you can run the following command:
 ```bash
-$ go install github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier@v2.0.1
+$ go install github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier@v2.1.0
 $ slsa-verifier <options>
 ```
 
@@ -159,7 +159,7 @@ $ grep _ tooling_test.go | cut -f2 -d '"' | xargs -n1 -t go install
 
 ```bash
 $ git clone git@github.com:slsa-framework/slsa-verifier.git
-$ cd slsa-verifier && git checkout v2.0.1
+$ cd slsa-verifier && git checkout v2.1.0
 $ go run ./cli/slsa-verifier <options>
 ```
 
@@ -169,7 +169,7 @@ If you need to install the verifier to run in a GitHub workflow, use the install
 
 ### Download the binary
 
-Download the binary from the latest release at [https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.0.1](https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.0.1)
+Download the binary from the latest release at [https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.1.0](https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.1.0)
 
 Download the [SHA256SUM.md](https://github.com/slsa-framework/slsa-verifier/blob/main/SHA256SUM.md).
 

RELEASE.md

@@ -36,7 +36,7 @@ Do **NOT** submit any more code between now and the final release.
 
 Check the following:
 
-1. Ensure that the release is successful and provenance can be verified properly. 
+1. Ensure that the release is successful and provenance can be verified properly.
 2. Either manually trigger or wait for a nightly scheduled run of all [example-package e2e tests](https://github.com/slsa-framework/example-package/tree/main/.github/workflows) and ensure that all tests are passing.
 3. Ensure that the latest release can be installed via a `go install`.
 4. Verify that the version reported by the `version` command is correct:
@@ -94,7 +94,7 @@ If the provenance verification fails, delete the release and the tag. Otherwise,
 
 Follow these steps:
 
-1. Compute the hash of the binary. One of the following commands will do:
+1. Compute the hashes of all the binaries. One of the following commands will do:
 ```
 $ cat slsa-verifier-linux-amd64.intoto.jsonl | jq -r '.payload' | base64 -d | jq -r '.subject[0].digest.sha256'
 ```
@@ -103,11 +103,12 @@ or
 $ sha256sum slsa-verifier-linux-amd64
 ```
 
-2. Add an additional entry at the top of [SHA256SUM.md](./SHA256SUM.md):
+2. Add additional entries for each release binary at the top of [SHA256SUM.md](./SHA256SUM.md):
 
 ```
 ### [vX.Y.Z](https://github.com/slsa-framework/slsa-verifier/releases/tag/vX.Y.Z)
 <the-hash>  slsa-verifier-linux-amd64
+<the-hash>  slsa-verifier-linux-arm64
 ```
 
 3. Update the latest version in the main [README.md](./README.md) and the installer Action's [actions/installer/README.md](./actions/installer/README.md):
@@ -124,6 +125,6 @@ $ sed -i "s/v1.0.0/v1.1.1/g" ./README.md ./actions/installer/README.md
 
 ## Update builders
 
-Send a similar pull request to update the hash and version of the verifier for the workflow [slsa-framework/slsa-github-generator/blob/main/.github/workflows/builder_go_slsa3.yml#L30-L31](https://github.com/slsa-framework/slsa-github-generator/blob/main/.github/workflows/builder_go_slsa3.yml#L30-L31). Explain the steps to verify the hash. If the pull request for the verifier is already merged, you can simply point to it instead.
+Send a similar pull request to update the hash and version of the verifier for the action [generate-builder](https://github.com/slsa-framework/slsa-github-generator/blob/6a2cc1cb559a81ffbbcd4248026c6ea89bdab2b6/.github/actions/generate-builder/action.yml#L70-L71). Explain the steps to verify the hash. If the pull request for the verifier is already merged, you can simply point to it instead.
 
 Note: you need not cut a release for the generator, unless the verifier has important changes that are required for the builders to work properly.

SHA256SUM.md

@@ -1,3 +1,11 @@
+### [v2.1.0](https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.1.0)
+538e5346784ddab14189dd66fb995e49c69247985a364558ad3b44e1fbff04cf  slsa-verifier-linux-amd64
+a4ca803a99584dd08876263a86b79489cb7b7210912c122e1dd2acaf38feaf7c  slsa-verifier-linux-arm64
+cc0529849fd9cc3996ec61e100b604dbf728f7aee056d8d6d55705f64e1b35e1  slsa-verifier-darwin-amd64
+57ab717980af191b8468d1878e476783819cd6dc1cad4bed46faee981974dd1a  slsa-verifier-darwin-arm64
+2fb8b4b5b6b8c3316f49be192204326582931f924e8b45ff83bed855a84da475  slsa-verifier-windows-amd64.exe
+3dbbd5445c6cb6b87c2e8234aa6e95bf3a2f7b958037fbbde7f59fbeb5e7e1f0  slsa-verifier-windows-arm64.exe
+
 ### [v2.0.1](https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.0.1)
 ad4b408c43504d439827998c27ab4be1c44ff467ccb39b78da01568f8542b10e slsa-verifier-linux-amd64
 

actions/installer/README.md

@@ -11,7 +11,7 @@ For more information about SLSA in general, see [https://slsa.dev](https://slsa.
 To install a specific version of `slsa-verifier`, use:
 
 ```yaml
-uses: slsa-framework/slsa-verifier-installer@v2.0.1
+uses: slsa-framework/slsa-verifier-installer@v2.1.0
 ```
 
 See https://github.com/slsa-framework/slsa-verifier/releases for the list of available `slsa-verifier` releases. Only versions greater or equal to 2.0.1 are supported.