build: sign tarball instead of sha256sum

Adam Majer pointed out in [1] that the way we were signing releases was
unusual. Neither Carl nor I could think of a good reason for
explicitly signing the checksum (internally of course that's what GPG
is doing anyway).

[1] mid:b3fd556d-c346-7af9-a7a2-13b0f3235071@suse.de
David Bremner 2019-02-12 22:17:03 -04:00
parent 152b6cac5d
commit b8a8dbed91
2 changed files with 3 additions and 3 deletions


@ -44,7 +44,7 @@ TAR_FILE=$(PACKAGE)-$(VERSION).tar.gz
ELPA_FILE:=$(PACKAGE)-emacs-$(ELPA_VERSION).tar ELPA_FILE:=$(PACKAGE)-emacs-$(ELPA_VERSION).tar
DEB_TAR_FILE=$(PACKAGE)_$(VERSION).orig.tar.gz DEB_TAR_FILE=$(PACKAGE)_$(VERSION).orig.tar.gz
SHA256_FILE=$(TAR_FILE).sha256 SHA256_FILE=$(TAR_FILE).sha256
GPG_FILE=$(SHA256_FILE).asc GPG_FILE=$(TAR_FILE).asc
PV_FILE=bindings/python/notmuch/version.py PV_FILE=bindings/python/notmuch/version.py
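Review bot: `SHA256_FILE` stays defined next to the retargeted `GPG_FILE`, but after this change nothing signs the checksum file, so it can only detect corruption and carries no authenticity. If the `.sha256` is still uploaded with the release (not visible in this hunk), a comment above `GPG_FILE` would keep that distinction clear, for example `# detached signature over the tarball itself; the .sha256 file is unsigned and is an integrity check only`. Any verification instructions that told users to check the signed checksum would presumably need to point at `$(TAR_FILE).asc` instead.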


@ -42,8 +42,8 @@ $(TAR_FILE):
$(SHA256_FILE): $(TAR_FILE) $(SHA256_FILE): $(TAR_FILE)
sha256sum $^ > $@ sha256sum $^ > $@
$(GPG_FILE): $(SHA256_FILE) $(GPG_FILE): $(TAR_FILE)
gpg --armor --sign $^ gpg --armor --detach-sign $^
.PHONY: dist .PHONY: dist
dist: $(TAR_FILE) dist: $(TAR_FILE)
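Review bot: The `$(GPG_FILE)` recipe never names its output, so the rule produces its target only because gpg's default for an armored detached signature is to write `<input>.asc`, which happens to equal `$(TAR_FILE).asc`. Writing `gpg --armor --detach-sign --output $@ $<` ties the recipe to the target and keeps it correct if either file name changes. The signature is also made with whatever gpg's default key is on the release machine. If the project has a designated release key, selecting it with `--local-user` through a make variable would make the signer explicit and reproducible. The `dist` rule's recipe lies outside the hunk, so whether it depends on `$(GPG_FILE)` cannot be checked here.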