From e806b22f33087337c7fa709f3fe62e8211d14fd9 Mon Sep 17 00:00:00 2001
From: "kali kaneko (leap communications)" <kali@leap.se>
Date: Thu, 11 Mar 2021 21:27:30 +0100
Subject: [PATCH] [pkg] hash and sign artifacts

---
 Makefile           | 8 ++++++++
 docs/build-win.rst | 9 +++++++++
 2 files changed, 17 insertions(+)

diff --git a/Makefile b/Makefile
index ef6bf916..3e66175d 100644
--- a/Makefile
+++ b/Makefile
@@ -393,6 +393,14 @@ package_snap:
 package_deb:
 	@make -C build/${PROVIDER} pkg_deb
 
+sign_artifact:
+	@find ${FILE} -type f -not -name "*.asc" -print0 | xargs -0 -n1 -I{} sha256sum -b "{}" | sed 's/*deploy\///' > ${FILE}.sha256
+	@gpg --clear-sign --armor ${FILE}.sha256
+
+upload_artifact:
+	scp ${FILE} downloads.leap.se:./
+	scp ${FILE}.sha256.asc downloads.leap.se:./
+
 
 #########################################################################
 # icons & locales
diff --git a/docs/build-win.rst b/docs/build-win.rst
index 1e65c27b..0deff8d0 100644
--- a/docs/build-win.rst
+++ b/docs/build-win.rst
@@ -51,6 +51,15 @@ or all together as::
 
   make package_win_release
 
+Uploading installer
+-------------------
+
+Since 0.21.2, we're hashing and signing the installers::
+
+  export FILE=deploy/RiseupVPN-installer-0.21.2.exe
+  make sign_artifact
+  make upload_artifact
+
 
 unreviewed notes
 ----------------
-- 
GitLab