mirror of
https://github.com/qpdf/qpdf.git
synced 2024-12-22 19:08:59 +00:00
Use sha256 for signing release files
This commit is contained in:
parent
4e8d21d849
commit
7120c4a748
@ -1,5 +1,9 @@
|
||||
2020-10-25 Jay Berkenbilt <ejb@ql.org>
|
||||
|
||||
* When signing distribution files, generate sha256 checksums
|
||||
instead of md5, sha1, and sha512. sha256 seems to be more widely
|
||||
used, and there's no reason to use md5 or sha1 anymore.
|
||||
|
||||
* Official Windows releases are now built using the openssl crypto
|
||||
provider. The native provider is still available for selection at
|
||||
runtime using the QPDF_CRYPTO_PROVIDER environment variable.
|
||||
|
@ -112,6 +112,11 @@ RELEASE PREPARATION
|
||||
search for copyright. Don't forget copyright in manual. Also update
|
||||
debian copyright in debian package. Last updated: 2020.
|
||||
|
||||
* Take a look at "External Libraries" in TODO to see if we need to
|
||||
make any changes. There is still some automation work left to do, so
|
||||
handling external-libs releases is still manual. See also
|
||||
README-maintainer in external-libs.
|
||||
|
||||
* Check for open fuzz crashes at https://oss-fuzz.com
|
||||
|
||||
* Check lgtm: https://lgtm.com/projects/g/qpdf/qpdf/?mode=list
|
||||
@ -244,13 +249,11 @@ gpg --detach-sign --armor qpdf-$version.tar.gz
|
||||
Windows binaries, the AppImage, the source tarball, and the source
|
||||
tarball signature.
|
||||
|
||||
\rm -f *.{md5,sha1,sha512}
|
||||
\rm -f *.sha256
|
||||
files=(*)
|
||||
for i in md5 sha1 sha512; do
|
||||
${i}sum ${files[*]} >| qpdf-$version.$i
|
||||
gpg --clearsign --armor qpdf-$version.$i
|
||||
mv qpdf-$version.$i.asc qpdf-$version.$i
|
||||
done
|
||||
sha256sum ${files[*]} >| qpdf-$version.sha256
|
||||
gpg --clearsign --armor qpdf-$version.sha256
|
||||
mv qpdf-$version.sha256.asc qpdf-$version.sha256
|
||||
chmod 444 *
|
||||
chmod 555 *.AppImage
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user