Reference: version manifest schema
The version manifest is the single source of truth for which binaries a host installs and what their checksums must be. Both the installer and the running agent consume the same manifest. It is published at:
https://releases.atherops.com/otel-agent/manifest.json
(Override with collector.manifest_url in config.yaml, or
MANIFEST_URL for the installer.)
Schema
{
"schema_version": 1,
"tools": {
"otelcol-contrib": {
"version": "0.102.0",
"artifacts": {
"linux/amd64": {
"url": "https://releases.atherops.com/otelcol-contrib/0.102.0/otelcol-contrib_0.102.0_linux_amd64.tar.gz",
"sha256": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
"bin_path_in_archive": "otelcol-contrib"
},
"linux/arm64": {
"url": "https://releases.atherops.com/otelcol-contrib/0.102.0/otelcol-contrib_0.102.0_linux_arm64.tar.gz",
"sha256": "a87ff679a2f3e71d9181a67b7542122c6ddd57f53ab98d79df1a5b67e7a9aa58",
"bin_path_in_archive": "otelcol-contrib"
}
}
},
"atherops-otel-agent": {
"version": "0.1.2",
"artifacts": {
"linux/amd64": {
"url": "https://releases.atherops.com/otel-agent/v0.1.2/atherops-otel-agent_v0.1.2_linux_amd64.tar.gz",
"sha256": "<sha256-in-published-manifest>",
"bin_path_in_archive": "atherops-otel-agent"
},
"linux/arm64": {
"url": "https://releases.atherops.com/otel-agent/v0.1.2/atherops-otel-agent_v0.1.2_linux_arm64.tar.gz",
"sha256": "<sha256-in-published-manifest>",
"bin_path_in_archive": "atherops-otel-agent"
}
}
}
}
}
Fields
| Field | Type | Description |
|---|---|---|
schema_version | int | Manifest schema version (currently 1). |
tools | object | Map keyed by tool name (otelcol-contrib, atherops-otel-agent). |
tools.<name>.version | string | The version this tool resolves to (semver). |
tools.<name>.artifacts | object | Map keyed by "<os>/<arch>", using Go's GOOS/GOARCH form (linux/amd64, linux/arm64). |
…artifacts.<os/arch>.url | string | Download URL for the .tar.gz artifact. |
…artifacts.<os/arch>.sha256 | string | Expected SHA-256 of the artifact. The download is verified against this before it is installed or run. |
…artifacts.<os/arch>.bin_path_in_archive | string | Relative path of the binary inside the archive (may be nested; don't assume top-level). |
How it is used
- Installer: fetches the manifest, computes the SHA-256 of each downloaded
artifact with
sha256sum, and aborts (exit code2) on any mismatch before extracting. - Agent: when remote config sets a new target collector version, the agent fetches that version's artifact, verifies its SHA-256, and only then installs it and restarts. On a mismatch it keeps running the current binary.
This is the mechanism behind Supply-chain trust and central fleet upgrades.