Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Notes on making a signed software release
Notes on making a signed software release
Create a signed tag called NAME-VERSION with
git tag --message=NAME-VERSION --sign NAME-VERSION
Generate a release tar.gz and signature with
git archive --output=NAME-VERSION.tar.gz --prefix=NAME-VERSION/ NAME-VERSION
zcat NAME-VERSION.tar.gz | gpg --armor --detach-sign >NAME-VERSION.tar.sign
Verify the signature with
zcat gist-1.0.tar.gz | gpg --verify gist-1.0.tar.sign -
Generate a tar.bz2 or tar.xz if required with
zcat NAME-VERSION.tar.gz | bzip2 - >NAME-VERSION.tar.xz
zcat NAME-VERSION.tar.gz | xz - >NAME-VERSION.tar.xz
Upload the release tarball(s) and detached signature file to the Github
project download area, and update with the new
links if necessary.
git tag --message=gist-1.0 --sign gist-1.0
git archive --output=gist-1.0.tar.gz --prefix=gist-1.0/ gist-1.0
zcat gist-1.0.tar.gz | gpg --armor --detach-sign >gist-1.0.tar.sign
zcat gist-1.0.tar.gz | gpg --verify gist-1.0.tar.sign -
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment