mirror of
https://git.notmuchmail.org/git/notmuch
synced 2024-11-25 04:18:08 +01:00
build: sign tarball instead of sha256sum
Adam Majer pointed out in [1] the way were signing releases was unusual. Neither Carl nor I could think of a good reason for explicitely signing the checksum (internally of course that's what GPG is going anyway). [1] mid:b3fd556d-c346-7af9-a7a2-13b0f3235071@suse.de
This commit is contained in:
parent
152b6cac5d
commit
b8a8dbed91
2 changed files with 3 additions and 3 deletions
|
@ -44,7 +44,7 @@ TAR_FILE=$(PACKAGE)-$(VERSION).tar.gz
|
|||
ELPA_FILE:=$(PACKAGE)-emacs-$(ELPA_VERSION).tar
|
||||
DEB_TAR_FILE=$(PACKAGE)_$(VERSION).orig.tar.gz
|
||||
SHA256_FILE=$(TAR_FILE).sha256
|
||||
GPG_FILE=$(SHA256_FILE).asc
|
||||
GPG_FILE=$(TAR_FILE).asc
|
||||
|
||||
PV_FILE=bindings/python/notmuch/version.py
|
||||
|
||||
|
|
|
@ -42,8 +42,8 @@ $(TAR_FILE):
|
|||
$(SHA256_FILE): $(TAR_FILE)
|
||||
sha256sum $^ > $@
|
||||
|
||||
$(GPG_FILE): $(SHA256_FILE)
|
||||
gpg --armor --sign $^
|
||||
$(GPG_FILE): $(TAR_FILE)
|
||||
gpg --armor --detach-sign $^
|
||||
|
||||
.PHONY: dist
|
||||
dist: $(TAR_FILE)
|
||||
|
|
Loading…
Reference in a new issue