build: use sha256sum instead of sha1sum to sign releases

This commit is contained in:
David Bremner 2017-03-01 20:44:47 -04:00
parent 4f2a7993a5
commit 914c4db1f2
2 changed files with 6 additions and 7 deletions

View file

@ -43,8 +43,8 @@ RELEASE_URL=https://notmuchmail.org/releases
TAR_FILE=$(PACKAGE)-$(VERSION).tar.gz
ELPA_FILE:=$(PACKAGE)-emacs-$(ELPA_VERSION).tar
DEB_TAR_FILE=$(PACKAGE)_$(VERSION).orig.tar.gz
SHA1_FILE=$(TAR_FILE).sha1
GPG_FILE=$(SHA1_FILE).asc
SHA256_FILE=$(TAR_FILE).sha256
GPG_FILE=$(SHA256_FILE).asc
PV_FILE=bindings/python/notmuch/version.py

View file

@ -36,11 +36,10 @@ $(TAR_FILE):
gzip < $(TAR_FILE).tmp > $(TAR_FILE)
@echo "Source is ready for release in $(TAR_FILE)"
$(SHA1_FILE): $(TAR_FILE)
sha1sum $^ > $@
$(SHA256_FILE): $(TAR_FILE)
sha256sum $^ > $@
$(GPG_FILE): $(SHA1_FILE)
@echo "Please enter your GPG password to sign the checksum."
$(GPG_FILE): $(SHA256_FILE)
gpg --armor --sign $^
.PHONY: dist