diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 43997ea..c2b6539 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,8 +6,9 @@ on:
       - '*'
 
 permissions:
-    contents: read
-    id-token: write
+  actions: read
+  id-token: write
+  contents: write
 
 jobs:
   build:
@@ -28,14 +29,10 @@ jobs:
         id: hash
         run: |
           set -euo pipefail
-          echo "hashes=$(sha256sum rsd | base64 -w0)" >> "$GITHUB_OUTPUT"
+          echo "hashes=$(sha256sum ./rsd | base64 -w0)" >> "$GITHUB_OUTPUT"
   provenance:
     needs:
       - build
-    permissions:
-      actions: read
-      id-token: write
-      contents: write
     uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@5a775b367a56d5bd118a224a811bba288150a563
     with:
       base64-subjects: "${{ needs.build.outputs.hashes }}"