Add signatures for each file for releases

Question

Add signatures for each file for releases

RubenKelevra opened this issue 2 years ago · comments

I'm the package maintainer for lbry-desktop-bin (and other lbry-desktop packages) for ArchLinux.

The request

It would be nice to have a PGP signature for each file, specifically the .deb file in my case. The reason being that the package builder for Arch can check the signature, if a signature file and a key ID is provided. Currently, it is just checking the package integrity with the blake2b sum, which I provide. A signature file would enable an authenticity check of the file from your computer to the end user's computer.

jessopb · Answer 1 · Mon Oct 24 2022 20:59:35 GMT+0800 (China Standard Time)

https://github.com/lbryio/lbry-desktop/releases/download/v0.53.6/LBRY_v0.53.6_sigs.asc This is here on every release - do you need something else?

@RubenKelevra · Answer 2 · Mon Oct 24 2022 22:50:02 GMT+0800 (China Standard Time)

@jessopb yes. That's a file listing sha keys, which then gets signed.

I need a signature file for the .deb file.

AKA gpg --sign * in the folder with the release files, to create a corresponding signature next to them in as .asc file.

Thanks in advance! :)