docs/howto: update invocation for signing assets
Currently, we tell the maintainer to specifically ensure the absence of the sha256sums.asc file before generating a file to sign. However, we don't tell the user about the Windows assets tarball that we've built as part of our Windows build process. Instead of telling a potentially harried maintainer to be sure to do something, let's help them out by providing a command in the documentation that does the right thing so they can just copy and paste. Additionally, let's pass the -b option to shasum, so that Windows systems will read the file in binary mode, which makes verification easier for Windows users.
This commit is contained in:
parent
77b6364996
commit
cb2726f19b
@ -130,12 +130,11 @@ equal to 0, we say that we are releasing a MINOR version of Git LFS, in the
|
||||
following:
|
||||
|
||||
```ShellSession
|
||||
$ (cd bin/releases && shasum -a256 * | gpg --digest-algo SHA256 --clearsign >sha256sums.asc)
|
||||
$ (cd bin/releases && \
|
||||
shasum -a256 -b * | grep -vE '(assets|sha256sums)' | \
|
||||
gpg --digest-algo SHA256 --clearsign >sha256sums.asc)
|
||||
```
|
||||
|
||||
Note that if the sha256sums.asc file exists, you must remove it first so
|
||||
the old version doesn't get written into the new file.
|
||||
|
||||
6. Run `script/upload` with the tag name and the file containing the changelog
|
||||
entries for this version (not `CHANGELOG.md`, which has all versions). This
|
||||
will create a new GitHub release and upload all the assets, giving them the
|
||||
|
Loading…
Reference in New Issue
Block a user