Install Spin
- Installing Spin
- Verifying the Release Signature
- Building Spin From Source
- Using Cargo to Install Spin
- Next Steps
Installing Spin
Spin runs on Linux (amd64 and arm64), macOS (Intel and Apple Silicon), and Windows (amd64).
There are multiple ways to install Spin. The easiest is to use the installer script, hosted on this site:
$ curl -fsSL https://developer.fermyon.com/downloads/install.sh | bash
It’s highly recommended to add Spin to a folder, which is on your path, e.g.:
$ sudo mv spin /usr/local/bin/
To install a specific version, you can pass arguments to the install script this way:
$ curl -fsSL https://developer.fermyon.com/downloads/install.sh | bash -s -- -v v0.10.0
To install the canary version of spin, you should pass the argument -v canary
. The canary version is always the latest commit to the main branch of Spin:
$ curl -fsSL https://developer.fermyon.com/downloads/install.sh | bash -s -- -v canary
There are multiple ways to install Spin. The easiest is to use the installer script, hosted on this site:
$ curl -fsSL https://developer.fermyon.com/downloads/install.sh | bash
It’s highly recommended to add Spin to a folder, which is on your path, e.g.:
$ sudo mv spin /usr/local/bin/
To install a specific version, you can pass arguments to the install script this way:
$ curl -fsSL https://developer.fermyon.com/downloads/install.sh | bash -s -- -v v0.10.0
To install the canary version of spin, you should pass the argument -v canary
. The canary version is always the latest commit to the main branch of Spin:
$ curl -fsSL https://developer.fermyon.com/downloads/install.sh | bash -s -- -v canary
If using Windows (PowerShell / cmd.exe), you can download the Windows binary release of Spin.
Simply unzip the binary release and place the spin.exe
in your system path.
If you want to use WSL2 (Windows Subsystem for Linux 2), please follow the instructions for using Linux.
Verifying the Release Signature
The Spin project signs releases using Sigstore, a project that helps with signing software and stores signatures in a tamper-resistant public log. Consumers of Spin releases can validate the integrity of the package they downloaded by performing a validation of the artifact against the signature present in the public log. Specifically, users get two main guarantees by verifying the signature: 1) that the author of the artifact is indeed the one expected (i.e. the build infrastructure associated with the Spin project, at a given revision that can be inspected), and 2) that the content generated by the build infrastructure has not been tampered with.
To verify the release signature, first configure Cosign v2.0.0+. This is the CLI tool that we will use validate the signature.
The same directory where the installation script was run should also contain a signature of the Spin binary and the certificate used to perform the signature. The following command will perform the signature verification using the cosign
CLI:
$ cosign verify-blob \
--signature spin.sig \
--certificate crt.pem \
--certificate-identity https://github.com/fermyon/spin/.github/workflows/release.yml@refs/tags/ \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
# --certificate-github-workflow-sha \
./spin
Verified OK
You can now move the Spin binary to the path knowing that it was indeed built by the infrastructure associated with the Spin project, and that it has not been tampered with since the build.
Building Spin From Source
Follow the contribution document for a detailed guide on building Spin from source:
$ git clone https://github.com/fermyon/spin
$ cd spin && make build
$ ./target/release/spin --help
Please note: On a fresh Linux installation, you will also need the standard build toolchain (
gcc
,make
, etc.), the SSL library headers, and on some distributions you may needpkg-config
. For example, on Debian-like distributions, including Ubuntu, you can install the standard build toolchain with this command:
$ sudo apt-get install build-essential libssl-dev pkg-config
Using Cargo to Install Spin
If you have cargo
, you can clone the repo and install it to your path:
$ git clone https://github.com/fermyon/spin -b v0.10.0
$ cd spin
$ rustup target add wasm32-wasi
$ cargo install --locked --path .
$ spin --help
Please note: Spin v0.10.0 requires
wasmtime v5.0.0
which requires rustc 1.66.0 or newer. You can update Rust using the following command:
$ rustup update
Next Steps
- Take Spin for a spin
- Learn about how to write a Spin application
- Try the Fermyon Cloud
Did we miss something?
Let us know how we can improve this project, or contribute an edit to this page. We really appreciate your feedback, to help us build better tools.