swappy

mirror of https://github.com/jtheoof/swappy.git synced 2024-08-17 02:30:47 +03:00

History

Jeremy Attali 91985c7994 fix(release): properly check sha256 remote content We need to verify the sources from github match our local content. We do this by building our own version of the git release (using `git archive`) and checking the SHA-256 checksums against the local and remote. After that it's safe to sign the remote `tar.gz` and upload the signature file to the release. One caveat is that if Github upates their git release commmand, this script will break. We'll worry about it when that happens. This drops support for `zip` signature. I wish there was a way to prevent the zip source code when doing a new release. Closes #90	2021-02-20 16:25:21 -05:00
..
bump-meson-build.js	chore(release): add bump meson script (#39 )	2020-06-22 23:03:37 -04:00
sign-post-release	fix(release): properly check sha256 remote content	2021-02-20 16:25:21 -05:00

Jeremy Attali 91985c7994 fix(release): properly check sha256 remote content

We need to verify the sources from github match our local content.
We do this by building our own version of the git release (using `git
archive`) and checking the SHA-256 checksums against the local and
remote.

After that it's safe to sign the remote `tar.gz` and upload the
signature file to the release.

One caveat is that if Github upates their git release commmand, this
script will break. We'll worry about it when that happens.

This drops support for `zip` signature. I wish there was a way to
prevent the zip source code when doing a new release.

Closes #90

2021-02-20 16:25:21 -05:00

bump-meson-build.js

chore(release): add bump meson script (#39 )

2020-06-22 23:03:37 -04:00

sign-post-release

fix(release): properly check sha256 remote content

2021-02-20 16:25:21 -05:00