summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMyles Borins <mylesborins@google.com>2019-11-26 15:35:08 -0500
committerDaniel Bevenius <daniel.bevenius@gmail.com>2019-12-02 06:26:30 +0100
commitc5fc802abc54ca20e047c727868543c3d8cb4093 (patch)
tree19e3205c785cd1ba4c258bd9cd8017b5f1de6cac
parent84819b8a679a9e4c65668af5527609a0e8626cdb (diff)
downloadandroid-node-v8-c5fc802abc54ca20e047c727868543c3d8cb4093.tar.gz
android-node-v8-c5fc802abc54ca20e047c727868543c3d8cb4093.tar.bz2
android-node-v8-c5fc802abc54ca20e047c727868543c3d8cb4093.zip
doc: update signature algorithm in release doc
Updated doc to reflect what is now done in tools/release.sh PR-URL: https://github.com/nodejs/node/pull/30673 Reviewed-By: Rod Vagg <rod@vagg.org>
-rw-r--r--doc/releases.md16
1 files changed, 8 insertions, 8 deletions
diff --git a/doc/releases.md b/doc/releases.md
index c8ff4214c6..0fc7fb6220 100644
--- a/doc/releases.md
+++ b/doc/releases.md
@@ -577,14 +577,14 @@ however.
computer.
**e.** Sign the `SHASUMS256.txt` file using a command similar to: `gpg
---default-key YOURKEY --clearsign /path/to/SHASUMS256.txt`. You will be prompted
-by GPG for your password. The signed file will be named `SHASUMS256.txt.asc`.
+--default-key YOURKEY --digest-algo SHA256 --clearsign /path/to/SHASUMS256.txt`.
+You will be prompted by GPG for your password. The signed file will be named
+SHASUMS256.txt.asc.
**f.** Output an ASCII armored version of your public GPG key using a command
-similar to: `gpg --default-key YOURKEY --armor --export --output
-/path/to/SHASUMS256.txt.gpg`. This does not require your password and is mainly
-a convenience for users, although not the recommended way to get a copy of your
-key.
+similar to: `gpg --default-key YOURKEY --digest-algo SHA256 --detach-sign /path/to/SHASUMS256.txt`.
+You will be prompted by GPG for your password. The signed file will be named
+SHASUMS256.txt.sig.
**g.** Upload the `SHASUMS256.txt` files back to the server into the release
directory.
@@ -594,8 +594,8 @@ release, you should re-run `tools/release.sh` after the ARM builds have
finished. That will move the ARM artifacts into the correct location. You will
be prompted to re-sign `SHASUMS256.txt`.
-It is possible to only sign a release by running `./tools/release.sh -s
-vX.Y.Z`.
+**It is possible to only sign a release by running `./tools/release.sh -s
+vX.Y.Z`.**
### 14. Check the Release