Might be worth automating this, somehow, but at the least we should document this somewhere so we know how to do it when making new releases. Per Holger Levsen:
4 commands are needed:
md5sum tuxtype_1.7.4.dfsg1.orig.tar.gz > tuxtype_1.7.4.dfsg1.orig.tar.gz.md5
sha1sum tuxtype_1.7.4.dfsg1.orig.tar.gz > tuxtype_1.7.4.dfsg1.orig.tar.gz.sha1
gpg --sign -a tuxtype_1.7.4.dfsg1.orig.tar.gz.sha1
gpg --sign -a tuxtype_1.7.4.dfsg1.orig.tar.gz.md5
(Strictly speaking, one could probably omit md5sums as they are deprecated
today, but maybe some people are happy about them...)
The above commands give you files with the checksums, ie.
tuxtype_1.7.4.dfsg1.orig.tar.gz.sha1 and a gpg-signature for that file, ie
To calculate the checksum:
should output the same checksum everyhwere.
to verify the checksum is signed by you/whoever:
Log in to post a comment.