mirrors/bisq
1
0
Fork 0
mirror of https://github.com/bisq-network/bisq.git synced 2024-11-19 01:41:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5239 from ripcurlx/update-release-process

Browse Source 
Add step for signature creation for Arch Linux
This commit is contained in:
sqrrm 2021-03-11 10:22:08 +01:00 committed by GitHub
commit f97595ddc2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
docs/release-process.md
View File

@ -79,9 +79,9 @@ with following configuration:
Build output expected in deploy directory (opened after successful build process):
1. `Bisq-${NEW-VERSION}.dmg` macOS signed installer
2. `Bisq-${NEW-VERSION}.jar` Deterministic fat jar
3. `Bisq-${NEW-VERSION}.jar.txt` sha256 sum of deterministic fat jar
1. `Bisq-${NEW_VERSION}.dmg` macOS signed installer
2. `Bisq-${NEW_VERSION}.jar` Deterministic fat jar
3. `Bisq-${NEW_VERSION}.jar.txt` sha256 sum of deterministic fat jar
The build script also copies over the deterministic fat jar into the shared folders for the other VMs (Windows & Linux).
Before building the other binaries install the generated Bisq app on macOS and verify that everything works as expected.
@ -92,8 +92,8 @@ Before building the other binaries install the generated Bisq app on macOS and v
Build output expected:
1. `Bisq-${NEW-VERSION}.deb` package for distributions that derive from Debian
2. `Bisq-${NEW-VERSION}.rpm` package for distributions that derive from Redhat based distros
1. `Bisq-${NEW_VERSION}.deb` package for distributions that derive from Debian
2. `Bisq-${NEW_VERSION}.rpm` package for distributions that derive from Redhat based distros
* Install and run generated package
@ -103,8 +103,8 @@ Build output expected:
Build output expected:
1. `Bisq-${NEW-VERSION}.exe` Windows unsigned installer
2. `Bisq-${NEW-VERSION}.exe.txt` sha256 sum of installer
1. `Bisq-${NEW_VERSION}.exe` Windows unsigned installer
2. `Bisq-${NEW_VERSION}.exe.txt` sha256 sum of installer
### Sign release on macOS
@ -112,19 +112,19 @@ Build output expected:
Build output expected:
1. `F379A1C6.asc` Sig key of Manfred Karrer
2. `5BC5ED73.asc` Sig key of Chris Beams
3. `29CDFD3B.asc`Sig key of Christoph Atteneder
4. `signingkey.asc` Fingerprint of key that was used for these builds
5. `Bisq-${NEW-VERSION}.jar.txt` Sha256 sum of deterministic fat jar
6. `Bisq-${NEW-VERSION}.dmg` macOS installer
7. `Bisq-${NEW-VERSION}.dmg.asc` Signature for macOS installer
8. `Bisq-${NEW-VERSION}.deb` Debian package
9. `Bisq-${NEW-VERSION}.deb.asc` Signature for Debian package
10. `Bisq-${NEW-VERSION}.rpm` Redhat based distro package
11. `Bisq-${NEW-VERSION}.rpm.asc` Signature for Redhat based distro package
12. `Bisq-${NEW-VERSION}.exe` Windows installer
13. `Bisq-${NEW-VERSION}.exe.asc` Signature for Windows installer
1. `F379A1C6.asc` Sig key of Manfred Karrer
2. `5BC5ED73.asc` Sig key of Chris Beams
3. `29CDFD3B.asc`Sig key of Christoph Atteneder
4. `signingkey.asc` Fingerprint of key that was used for these builds
5. `Bisq-${NEW_VERSION}.jar.txt` Sha256 sum of deterministic fat jar
6. `Bisq-${NEW_VERSION}.dmg` macOS installer
7. `Bisq-${NEW_VERSION}.dmg.asc` Signature for macOS installer
8. `Bisq-${NEW_VERSION}.deb` Debian package
9. `Bisq-${NEW_VERSION}.deb.asc` Signature for Debian package
10. `Bisq-${NEW_VERSION}.rpm` Redhat based distro package
11. `Bisq-${NEW_VERSION}.rpm.asc` Signature for Redhat based distro package
12. `Bisq-${NEW_VERSION}.exe` Windows installer
13. `Bisq-${NEW_VERSION}.exe.asc` Signature for Windows installer
* Run a AV scan over all files on the Windows VM where the files got copied over.
@ -164,6 +164,15 @@ If all was successful:
Check the checkbox for update, set the version number (e.g. 0.9.4) and add the short version of the release notes.
* After sending the Update message leave it running for about 1 minute to give time for good propagation.
* Make a backup of that alert sender app data directory
* To support source code signature verification for Arch Linux download `Source code (tar.gz)`, sign it and
upload signature.
```
# sign source code bundle
gpg --digest-algo SHA256 --local-user $BISQ_GPG_USER --output bisq-${NEW_VERSION}.tar.gz.asc --detach-sig --armor bisq-${NEW_VERSION}.tar.gz
# verify signature of source code bundle
gpg --digest-algo SHA256 --verify bisq-${NEW_VERSION}.tar.gz{.asc*,}
```
### Announce the release