CLI Changelog
Release history for the Lens CLI for signing media in the cloud
1.2.1
Release date: 11/19/24
- Added support for signing and validating with C2PA spec version 2.1.
- Added support for ingredients to optionally be prefixed with "parent:" or "component:" to indicate the relationship of the ingredient to the input media file.
1.1.0
Release date: 9/5/24
- Added support for signing all formats that our C2PA library supports, with the exception of fmp4 (streaming) files, which is coming later this year.
- Removed the default demo profile.
- Adjusted demo account settings to maintain a fair and reliable experience for all users.
1.0.1
Release date: 7/25/24
Transition from 1.0.0-beta.1 to the stable 1.0.1 release.
1.0.0
Release date: 7/19/24 as 1.0.0-beta.1
- Added support for signing and verifying media using the C2PA v2.0 specification.
- Added support for created and gathered assertions in C2PA 2.0. To sign a created assertion, add
"source": "created"
to the object. If not specified, it will be automatically added as a gathered assertion. Any non-standard assertion will be added as a gathered assertion regardless of whether the provided assertions specifies it as created. - Added an option to the sign command,
--TARGET_SPEC_VERSION
, which can be used to specify the target C2PA spec version used for claim generation. Default is "1.4". - Added an option to the sign command,
--MINIMUM_INGREDIENT_SPEC_VERSION
, which can be used to specify the minimum C2PA spec version used for validating ingredient manifests during claim generation. Default is "1.4". - Added an option to the verify command,
--MINIMUM_SPEC_VERSION
, which can be used to specify the minimum C2PA spec version allowed for validation. Default is "1.4". - Added support for adding a thumbnail with an option
--PROVIDED_THUMBNAIL
, which can be used with the sign command with a path to a JPG or PNG. With the 2.0 specification, a thumbnail can be designated as a created or gathered assertion.--PROVIDED_THUMBNAIL_ASSERTION_SOURCE
, an enum ("created" or "gathered"), can be used with the thumbnail to indicate which type of assertion it should be added as. The default is "gathered". - Added support for verifying media with external C2PA manifests.
- Added support for adding ingredients that have external manifests. When done this way, the external manifest will automatically be downloaded and inserted as embedded.
0.8.0
Release date: 3/13/24
- Added support for C2PA v1.4's new
c2pa.metadata
assertions. - Improved verification accuracy by refining the validation process to no longer categorize an OCSP (Online Certificate Status Protocol) check failure as a validation failure. This update ensures that a check failure, which occurs when the OCSP service is unable to confirm the validity or revocation status of a certificate (e.g., due to an expired certificate or unreachable service), does not lead to erroneous validation failure results.
- In alignment with specification guidelines, removed the ability to generate an update manifest when an action assertion is present. According to the specification, update manifests are only permissible when content remains unchanged. Should content modifications occur, inclusion of an ingredient is necessary to generate a standard manifest.
- Improved error handling by addressing panick errors.
0.7.2
Release date: 3/5/24
- Added support for the metadata object within assertions, which allows you to customize display text for actions, including custom-defined ones.
- Added support to define a claim generator icon when signing.
- Updated claim generator version to no longer be required.
0.7.1
Release date: 2/20/24
- Added support to customize the claim generator name and version when signing.
- Fixed an issue causing unsigned ingredients, lacking any Content Credentials, to be marked as invalid Content Credentials in the Verify tool.
0.7.0
Release date: 2/7/24
- Added support to sign and verify webp images.
- Added support to sign and verify AVIF images, though thumbnails are not supported.
- Added support
c2pa.ingredient.v2
assertions for all ingredients. - Added support for resigning an already signed file, otherwise known as creating an update manifest.
- Added support to add ingredients that are unsigned.
- To the verification response, added granular validation information.
- Added support to remove a manifest, via the
manifest remove
command. - Fixed a data hash vulnerability.
- Fixed an issue where the second thumbnail no longer appears when a third manifest is added.
0.6.1
Release date: 11/17/23
- Added support to respect order of Creative Work assertion objects. Data will be signed into the file in the order it was included in the assertion file.
- Removed automatically adding
softwareAgent
to action assertions if undefined. - Added support to define
"softwareAgent": @claim_generator
within c2pa.action assertions in JSON. The CLI will automatically insert the name of the generator, which is Truepic CLI. - Added support to sign and verify m4a audio.
0.6.0
Release date: 11/16/23
- Added support for custom assertions without the Truepic namespace.
- Added a new object to the verify command that returns true when AI metadata is detected in a manifest. This works across all known ways of disclosing AI generation in C2PA and will continue to be updated as new ones are added.
- Added full support for the Creative Work schema within the Creative Work assertion.
- Added support to define
"when": @now
within c2pa.action assertions in JSON. The CLI will automatically insert the current timestamp when signing.
0.5.0
Release date: 9/22/23
- Released a new Windows build for desktop and servers.
0.4.0
Release date: 9/22/23
Migration Note
If you've used a previous version on your machine, run these two commands in your terminal to migrate on macOS/Linux:
mv ~/.truepic-sign ~/.truepic
find ~/.truepic/*/config.toml -type f -exec sed -i '' -e 's/\.truepic-sign/\.truepic/g' {} \;
After updating, previous builds will no longer run.
- Renamed the binary from
truepic-sign
totruepic
. - Renamed the directory where profiles and such are stored from
.truepic-sign
to.truepic
. - Removed the init command and moved all of its sub-commands and options over to enroll.
- Updated the default behavior of the sign command so that it no longer automatically enrolls. The enroll command must now be called on its own.
- Added inline key provider and sub-command to the enroll command to store keys and their certificates inline with the profile.
- Added a
json
sub-command to the enroll command, which enables you to load the profile to enroll with from a JSON file or string. - Added
--private-key
and--certificate
options to thefile-system
key provider to use a pre-existing key and certificate. - Added
--force
option to the various enroll sub-commands to proceed even if a valid key and certificate already exists. - Added
--json
option to the various enroll sub-commands to output the profile as JSON on success instead of writing to a file. - Added
--profile-file
option to the sign command to load the profile from a JSON file. - Added
--profile-inline
option to the sign command to load the profile from a string of JSON. - Renamed
--assertions-file
option back to--assertions
for the sign command, and added--assertions-inline
to pass a string of JSON. - Added sign activity tracking, which is sent to our API for usage and billing purposes.
- Added progress messages to the standard error, following CLI standard convention.
0.3.1
Release date: 8/30/23
- Fixed an issue causing a certificate error when signing.
0.3.0
Release date: 8/24/23
- Added support for AWS and Azure Key Vault key providers.
- Added support to pass assertions as a JSON string, rather than as a separate JSON file.
- Added error handling and helpful messages.
- Replaced the example JSON files zip with a new Assertions page in the documentation.
- Added new CLI documentation.
- Improved progress output of multi-step commands.
- Improved help text.
0.1.0
Release date: 6/23/23
- Initial release! 🎉
Updated 18 days ago