We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 827c53b commit 50a54ceCopy full SHA for 50a54ce
1 file changed
doc/releases.md
@@ -577,14 +577,14 @@ however.
577
computer.
578
579
**e.** Sign the `SHASUMS256.txt` file using a command similar to: `gpg
580
---default-key YOURKEY --clearsign /path/to/SHASUMS256.txt`. You will be prompted
581
-by GPG for your password. The signed file will be named `SHASUMS256.txt.asc`.
+--default-key YOURKEY --digest-algo SHA256 --clearsign /path/to/SHASUMS256.txt`.
+You will be prompted by GPG for your password. The signed file will be named
582
+SHASUMS256.txt.asc.
583
584
**f.** Output an ASCII armored version of your public GPG key using a command
-similar to: `gpg --default-key YOURKEY --armor --export --output
585
-/path/to/SHASUMS256.txt.gpg`. This does not require your password and is mainly
586
-a convenience for users, although not the recommended way to get a copy of your
587
-key.
+similar to: `gpg --default-key YOURKEY --digest-algo SHA256 --detach-sign /path/to/SHASUMS256.txt`.
+SHASUMS256.txt.sig.
588
589
**g.** Upload the `SHASUMS256.txt` files back to the server into the release
590
directory.
@@ -594,8 +594,8 @@ release, you should re-run `tools/release.sh` after the ARM builds have
594
finished. That will move the ARM artifacts into the correct location. You will
595
be prompted to re-sign `SHASUMS256.txt`.
596
597
-It is possible to only sign a release by running `./tools/release.sh -s
598
-vX.Y.Z`.
+**It is possible to only sign a release by running `./tools/release.sh -s
+vX.Y.Z`.**
599
600
### 14. Check the Release
601
0 commit comments