SIGSUM.md: extend release playbook
Some checks failed
Build and upload binaries / Build binaries (push) Has been cancelled
Build and upload binaries / Package source code (push) Has been cancelled
Interoperability tests / Trigger (push) Has been cancelled
Go tests / test (map[go-version:oldstable], macos-latest) (push) Has been cancelled
Go tests / test (map[go-version:oldstable], ubuntu-latest) (push) Has been cancelled
Go tests / test (map[go-version:oldstable], windows-latest) (push) Has been cancelled
Go tests / test (map[go-version:stable], macos-latest) (push) Has been cancelled
Go tests / test (map[go-version:stable], ubuntu-latest) (push) Has been cancelled
Go tests / test (map[go-version:stable], windows-latest) (push) Has been cancelled
Go tests / test-latest (map[go-version:oldstable]) (push) Has been cancelled
Go tests / test-latest (map[go-version:stable]) (push) Has been cancelled
Go tests / staticcheck (push) Has been cancelled
Go tests / govulncheck (push) Has been cancelled
Build and upload binaries / Upload and attest release artifacts (push) Has been cancelled

This commit is contained in:
Filippo Valsorda 2026-02-02 17:31:01 +01:00 committed by GitHub
parent 10561a774f
commit 4a3a4ef00a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -29,13 +29,14 @@ Dear future me, to sign a new release and produce Sigsum proofs, run the followi
```
VERSION=v1.3.1
go install sigsum.org/sigsum-go/cmd/sigsum-verify@latest
go install github.com/tillitis/tkey-ssh-agent/cmd/tkey-ssh-agent@latest
go install github.com/tillitis/tkey-ssh-agent/cmd/tkey-ssh-agent@main
tkey-ssh-agent --agent-socket tkey-ssh-agent.sock --uss
passage -c other/tkey-ssh-sigsum-age
SSH_AUTH_SOCK=tkey-ssh-agent.sock ssh-add -L > tkey-ssh-agent.pub
passage other/sigsum-ratelimit > sigsum-ratelimit
gh release download $VERSION --dir artifacts/
gh release download $VERSION --repo FiloSottile/age --dir artifacts/
SSH_AUTH_SOCK=tkey-ssh-agent.sock sigsum-submit -k tkey-ssh-agent.pub -P sigsum-generic-2025-1 -a sigsum-ratelimit -d filippo.io artifacts/*
gh release upload $VERSION artifacts/*.proof
gh release upload $VERSION --repo FiloSottile/age artifacts/*.proof
```
In the future, we will move to reproducing the artifacts locally, and signing